--- a/usr/src/cmd/rad/mod/xport_pipe/Makefile Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/cmd/rad/mod/xport_pipe/Makefile Fri May 18 11:08:12 2012 -0400
@@ -29,8 +29,8 @@
LINTLDLIBS += -lbsm
MOD_APIS=pipe
-MOD_OBJS=mod_xport_pipe.o
-MOD_LIBNAME=mod_xport_pipe.so
+MOD_OBJS=mod_pipe.o
+MOD_LIBNAME=mod_pipe.so
MOD_INSTALLDIR=$(RADDIR_XPORT)
include ../Makefile.com
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/rad/mod/xport_pipe/mod_pipe.c Fri May 18 11:08:12 2012 -0400
@@ -0,0 +1,159 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <bsm/adt_event.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <ucred.h>
+
+#include <rad/adr_stream.h>
+#include "rad_object.h"
+#include "rad_modapi.h"
+#include "rad_modapi_xport.h"
+#include "rad_connection.h"
+#include "rad_xport.h"
+
+#include "api_pipe.h"
+
+static rad_moderr_t
+pipe_listen(rad_thread_t *arg)
+{
+ int fdin;
+ data_t *data = rad_thread_arg(arg);
+ data_t *exitprop = struct_get(data, "exit");
+ rad_subject_t *subject;
+ rad_moderr_t result = rm_ok;
+ ucred_t *uc = ucred_get(P_MYID);
+
+ adr_stream_t *stream;
+ data_t *fdprop = struct_get(data, "fd");
+ if (fdprop) {
+ fdin = data_to_integer(fdprop);
+ stream = adr_stream_create_fd(fdin);
+ } else {
+ fdin = STDIN_FILENO;
+ stream = adr_stream_create_fds(fdin, STDOUT_FILENO);
+ }
+ if (stream == NULL) {
+ rad_log(RL_ERROR, "failed to allocate connection");
+ goto done;
+ }
+
+ if (uc == NULL ||
+ (subject = rad_subject_create_ucred(uc, B_FALSE, NULL)) == NULL) {
+ rad_log(RL_ERROR, "failed to allocate connection");
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ result = rm_system;
+ goto done;
+ }
+
+ rad_protocol_t *proto = rad_proto_find("rad");
+ if (proto == NULL) {
+ rad_log(RL_ERROR, "unable to find protocol \"rad\"");
+ rad_subject_unref(subject);
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ result = rm_config;
+ goto done;
+ }
+
+ radmod_connection_t *conn = rad_conn_create_fd(fdin, B_FALSE);
+ if (conn == NULL) {
+ rad_log(RL_WARN, "failed to allocate connection");
+ rad_subject_unref(subject);
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ result = rm_system;
+ goto done;
+ }
+ conn->rm_conn_xport = stream;
+ conn->rm_conn_proto_ops = proto;
+
+ if (!rad_conn_setsubject(conn, subject)) {
+ rad_log(RL_WARN, "failed to set connection subject");
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ result = rm_system;
+ goto done;
+ }
+ rad_thread_ack(arg, rm_ok);
+ rad_proto_handle(conn);
+ rad_conn_free(conn);
+
+done:
+ if (exitprop != NULL) {
+ assert(data_basetype(exitprop) == dt_boolean);
+ if (data_to_boolean(exitprop)) {
+ rad_log(result == rm_ok ? RL_DEBUG : RL_WARN,
+ "exit triggered by pipe connector");
+ exit(0);
+ }
+ }
+ return (result);
+}
+
+static boolean_t running = B_FALSE;
+
+static rad_moderr_t
+stdin_starter(data_t *data)
+{
+ rad_moderr_t result;
+
+ if (running) {
+ /* Until we permit configuring the fd */
+ rad_log(RL_ERROR,
+ "Only one stdin transport may be running at a time.\n");
+ return (rm_config);
+ }
+
+ result = rad_thread_create(pipe_listen, data);
+ if (result == rm_ok)
+ running = B_TRUE;
+ return (result);
+}
+
+static rad_moderr_t
+pipe_starter(data_t *data)
+{
+ return (rad_thread_create(pipe_listen, data));
+}
+
+static rad_modinfo_t modinfo = { "xport_pipe", "stdin/pipe transport" };
+
+int
+_rad_init(void *handle)
+{
+ if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
+ return (-1);
+
+ rad_xport_register("stdin", &t__stdin, stdin_starter);
+ rad_xport_register("pipe", &t__pipe, pipe_starter);
+ return (0);
+}
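Review bot: The `stream == NULL` branch near the top of pipe_listen jumps to `done` with `result` still `rm_ok`, so a failed stream allocation is reported to the caller as success; add `result = rm_system;` before that `goto done;`, as the later failure branches already do. The `ucred_t` returned by `ucred_get(P_MYID)` is never released with `ucred_free()` on any path, including the success path after `rad_subject_create_ucred`, unless that call takes ownership, which the hunk does not show. `assert()` is used in the `done:` block but `<assert.h>` is not among the includes, so the file compiles only if one of the rad headers pulls it in. The `exit` property also calls `exit(0)` even when `result != rm_ok`, which hides a failed transport start behind a zero exit status; either propagate a non-zero status or document that this is intended.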
--- a/usr/src/cmd/rad/mod/xport_pipe/mod_xport_pipe.c Fri May 18 01:37:59 2012 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,159 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <bsm/adt_event.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <pthread.h>
-#include <ucred.h>
-
-#include <rad/adr_stream.h>
-#include "rad_object.h"
-#include "rad_modapi.h"
-#include "rad_modapi_xport.h"
-#include "rad_connection.h"
-#include "rad_xport.h"
-
-#include "api_pipe.h"
-
-static rad_moderr_t
-pipe_listen(rad_thread_t *arg)
-{
- int fdin;
- data_t *data = rad_thread_arg(arg);
- data_t *exitprop = struct_get(data, "exit");
- rad_subject_t *subject;
- rad_moderr_t result = rm_ok;
- ucred_t *uc = ucred_get(P_MYID);
-
- adr_stream_t *stream;
- data_t *fdprop = struct_get(data, "fd");
- if (fdprop) {
- fdin = data_to_integer(fdprop);
- stream = adr_stream_create_fd(fdin);
- } else {
- fdin = STDIN_FILENO;
- stream = adr_stream_create_fds(fdin, STDOUT_FILENO);
- }
- if (stream == NULL) {
- rad_log(RL_ERROR, "failed to allocate connection");
- goto done;
- }
-
- if (uc == NULL ||
- (subject = rad_subject_create_ucred(uc, B_FALSE, NULL)) == NULL) {
- rad_log(RL_ERROR, "failed to allocate connection");
- adr_stream_close(stream);
- adr_stream_free(stream);
- result = rm_system;
- goto done;
- }
-
- rad_protocol_t *proto = rad_proto_find("rad");
- if (proto == NULL) {
- rad_log(RL_ERROR, "unable to find protocol \"rad\"");
- rad_subject_unref(subject);
- adr_stream_close(stream);
- adr_stream_free(stream);
- result = rm_config;
- goto done;
- }
-
- radmod_connection_t *conn = rad_conn_create_fd(fdin, B_FALSE);
- if (conn == NULL) {
- rad_log(RL_WARN, "failed to allocate connection");
- rad_subject_unref(subject);
- adr_stream_close(stream);
- adr_stream_free(stream);
- result = rm_system;
- goto done;
- }
- conn->rm_conn_xport = stream;
- conn->rm_conn_proto_ops = proto;
-
- if (!rad_conn_setsubject(conn, subject)) {
- rad_log(RL_WARN, "failed to set connection subject");
- rad_conn_close(conn);
- rad_conn_free(conn);
- result = rm_system;
- goto done;
- }
- rad_thread_ack(arg, rm_ok);
- rad_proto_handle(conn);
- rad_conn_free(conn);
-
-done:
- if (exitprop != NULL) {
- assert(data_basetype(exitprop) == dt_boolean);
- if (data_to_boolean(exitprop)) {
- rad_log(result == rm_ok ? RL_DEBUG : RL_WARN,
- "exit triggered by pipe connector");
- exit(0);
- }
- }
- return (result);
-}
-
-static boolean_t running = B_FALSE;
-
-static rad_moderr_t
-stdin_starter(data_t *data)
-{
- rad_moderr_t result;
-
- if (running) {
- /* Until we permit configuring the fd */
- rad_log(RL_ERROR,
- "Only one stdin transport may be running at a time.\n");
- return (rm_config);
- }
-
- result = rad_thread_create(pipe_listen, data);
- if (result == rm_ok)
- running = B_TRUE;
- return (result);
-}
-
-static rad_moderr_t
-pipe_starter(data_t *data)
-{
- return (rad_thread_create(pipe_listen, data));
-}
-
-static rad_modinfo_t modinfo = { "xport_pipe", "stdin/pipe transport" };
-
-int
-_rad_init(void *handle)
-{
- if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
- return (-1);
-
- rad_xport_register("stdin", &t__stdin, stdin_starter);
- rad_xport_register("pipe", &t__pipe, pipe_starter);
- return (0);
-}
--- a/usr/src/cmd/rad/mod/xport_tcp/Makefile Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/cmd/rad/mod/xport_tcp/Makefile Fri May 18 11:08:12 2012 -0400
@@ -30,8 +30,8 @@
MOD_ADROPTS=-N
MOD_APIS=tcp
-MOD_OBJS=mod_xport_tcp.o rad_listen.o
-MOD_LIBNAME=mod_xport_tcp.so
+MOD_OBJS=mod_tcp.o rad_listen.o
+MOD_LIBNAME=mod_tcp.so
MOD_INSTALLDIR=$(RADDIR_XPORT)
include ../Makefile.com
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/rad/mod/xport_tcp/mod_tcp.c Fri May 18 11:08:12 2012 -0400
@@ -0,0 +1,168 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <bsm/adt_event.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include <rad/adr_stream.h>
+#include "rad_object.h"
+#include "rad_modapi.h"
+#include "rad_modapi_xport.h"
+#include "rad_connection.h"
+#include "rad_xport.h"
+#include "../rad_listen.h"
+
+#include "api_tcp.h"
+
+static char *pam_service = "rad-tcp";
+
+static void
+tcp_run(void *arg)
+{
+ radmod_connection_t *conn = arg;
+ rad_proto_handle(conn);
+ rad_conn_free(conn);
+}
+
+static rad_moderr_t
+tcp_listen(rad_thread_t *arg)
+{
+ int fd;
+ data_t *d, *data = rad_thread_arg(arg);
+
+ int port = data_to_integer(struct_get(data, "port"));
+ d = struct_get(data, "proto");
+ const char *protostr = d != NULL ? data_to_string(d) : "rad";
+ d = struct_get(data, "localonly");
+ boolean_t local = d != NULL ? data_to_boolean(d) : B_TRUE;
+ d = struct_get(data, "noauth");
+ boolean_t noauth = d != NULL ? data_to_boolean(d) : B_FALSE;
+ d = struct_get(data, "pam_service");
+ if (d != NULL) {
+ pam_service = (char *)data_to_string(d);
+ }
+
+ rad_subject_t *subject = NULL;
+
+ rad_protocol_t *proto = rad_proto_find(protostr);
+ if (proto == NULL) {
+ rad_log(RL_ERROR, "unable to find protocol '%s'", protostr);
+ return (rm_config);
+ }
+
+ if (noauth) {
+ ucred_t *uc = ucred_get(P_MYID);
+ if (uc == NULL ||
+ (subject = rad_subject_create_ucred(uc, B_FALSE,
+ pam_service)) == NULL) {
+ rad_log(RL_ERROR, "failed to allocate subject");
+ return (rm_system);
+ }
+ rad_log(RL_WARN, "AUTHORIZING ANONYMOUS TCP CONNECTIONS");
+ }
+
+ if ((fd = listen_on_port(port, local)) < 0) {
+ rad_log(RL_ERROR, "error starting server on port %d", port);
+ return (rm_system);
+ }
+
+ rad_thread_ack(arg, rm_ok);
+ for (;;) {
+ int afd;
+
+ rad_log(RL_DEBUG, "Waiting for connection");
+ if ((afd = accept(fd, 0, 0)) == -1) {
+ rad_log(RL_ERROR, "error in accept(): %s\n",
+ strerror(errno));
+ continue;
+ }
+ rad_log(RL_DEBUG, "Connection accepted");
+
+ adr_stream_t *stream = adr_stream_create_fd(afd);
+ if (stream == NULL)
+ continue;
+
+ radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
+ if (conn == NULL) {
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ rad_log(RL_WARN, "failed to allocate connection");
+ continue;
+ }
+ conn->rm_conn_xport = stream;
+ conn->rm_conn_proto_ops = proto;
+ conn->rm_conn_pam_service = pam_service;
+
+ if (noauth) {
+ assert(subject != NULL);
+ rad_subject_ref(subject);
+ if (!rad_conn_setsubject(conn, subject)) {
+ rad_log(RL_WARN,
+ "failed to set connection subject");
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ continue;
+ }
+ }
+
+ if (rad_thread_create_async(tcp_run, conn) != rm_ok) {
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ }
+ }
+}
+
+static rad_moderr_t
+starter(data_t *data)
+{
+ /*
+ * Validate parameters
+ */
+ data_t *port = struct_get(data, "port");
+ if (port == NULL) {
+ rad_log(RL_ERROR, "Port required\n");
+ return (rm_config);
+ }
+
+ return (rad_thread_create(tcp_listen, data));
+}
+
+static rad_modinfo_t modinfo = { "xport_tcp", "TCP transport module" };
+
+int
+_rad_init(void *handle)
+{
+ if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
+ return (-1);
+
+ rad_xport_register("tcp", &t__tcp, starter);
+ return (0);
+}
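Review bot: In the accept loop of tcp_listen, the `stream == NULL` case does `continue` without closing `afd`, so every failed `adr_stream_create_fd` leaks the accepted socket; change it to `if (stream == NULL) { (void) close(afd); continue; }`. Earlier, when `noauth` is set and `listen_on_port` then fails, the function returns `rm_system` without `rad_subject_unref(subject)`, and the `ucred_t` from `ucred_get(P_MYID)` is never passed to `ucred_free()` on any path. `pam_service = (char *)data_to_string(d);` stores a pointer into the configuration `data_t` in a file-scope static that every connection later reads through `rm_conn_pam_service`; this is only safe if `data` outlives the listener thread, which the hunk does not establish, so either `strdup` it or add a comment stating that lifetime guarantee. A comment above `rad_subject_create_ucred` should also say that in `noauth` mode every unauthenticated peer acts with the daemon's own credentials, since the `AUTHORIZING ANONYMOUS TCP CONNECTIONS` log line is currently the only place that is recorded.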
--- a/usr/src/cmd/rad/mod/xport_tcp/mod_xport_tcp.c Fri May 18 01:37:59 2012 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,168 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <bsm/adt_event.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <rad/adr_stream.h>
-#include "rad_object.h"
-#include "rad_modapi.h"
-#include "rad_modapi_xport.h"
-#include "rad_connection.h"
-#include "rad_xport.h"
-#include "../rad_listen.h"
-
-#include "api_tcp.h"
-
-static char *pam_service = "rad-tcp";
-
-static void
-tcp_run(void *arg)
-{
- radmod_connection_t *conn = arg;
- rad_proto_handle(conn);
- rad_conn_free(conn);
-}
-
-static rad_moderr_t
-tcp_listen(rad_thread_t *arg)
-{
- int fd;
- data_t *d, *data = rad_thread_arg(arg);
-
- int port = data_to_integer(struct_get(data, "port"));
- d = struct_get(data, "proto");
- const char *protostr = d != NULL ? data_to_string(d) : "rad";
- d = struct_get(data, "localonly");
- boolean_t local = d != NULL ? data_to_boolean(d) : B_TRUE;
- d = struct_get(data, "noauth");
- boolean_t noauth = d != NULL ? data_to_boolean(d) : B_FALSE;
- d = struct_get(data, "pam_service");
- if (d != NULL) {
- pam_service = (char *)data_to_string(d);
- }
-
- rad_subject_t *subject = NULL;
-
- rad_protocol_t *proto = rad_proto_find(protostr);
- if (proto == NULL) {
- rad_log(RL_ERROR, "unable to find protocol '%s'", protostr);
- return (rm_config);
- }
-
- if (noauth) {
- ucred_t *uc = ucred_get(P_MYID);
- if (uc == NULL ||
- (subject = rad_subject_create_ucred(uc, B_FALSE,
- pam_service)) == NULL) {
- rad_log(RL_ERROR, "failed to allocate subject");
- return (rm_system);
- }
- rad_log(RL_WARN, "AUTHORIZING ANONYMOUS TCP CONNECTIONS");
- }
-
- if ((fd = listen_on_port(port, local)) < 0) {
- rad_log(RL_ERROR, "error starting server on port %d", port);
- return (rm_system);
- }
-
- rad_thread_ack(arg, rm_ok);
- for (;;) {
- int afd;
-
- rad_log(RL_DEBUG, "Waiting for connection");
- if ((afd = accept(fd, 0, 0)) == -1) {
- rad_log(RL_ERROR, "error in accept(): %s\n",
- strerror(errno));
- continue;
- }
- rad_log(RL_DEBUG, "Connection accepted");
-
- adr_stream_t *stream = adr_stream_create_fd(afd);
- if (stream == NULL)
- continue;
-
- radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
- if (conn == NULL) {
- adr_stream_close(stream);
- adr_stream_free(stream);
- rad_log(RL_WARN, "failed to allocate connection");
- continue;
- }
- conn->rm_conn_xport = stream;
- conn->rm_conn_proto_ops = proto;
- conn->rm_conn_pam_service = pam_service;
-
- if (noauth) {
- assert(subject != NULL);
- rad_subject_ref(subject);
- if (!rad_conn_setsubject(conn, subject)) {
- rad_log(RL_WARN,
- "failed to set connection subject");
- rad_conn_close(conn);
- rad_conn_free(conn);
- continue;
- }
- }
-
- if (rad_thread_create_async(tcp_run, conn) != rm_ok) {
- rad_conn_close(conn);
- rad_conn_free(conn);
- }
- }
-}
-
-static rad_moderr_t
-starter(data_t *data)
-{
- /*
- * Validate parameters
- */
- data_t *port = struct_get(data, "port");
- if (port == NULL) {
- rad_log(RL_ERROR, "Port required\n");
- return (rm_config);
- }
-
- return (rad_thread_create(tcp_listen, data));
-}
-
-static rad_modinfo_t modinfo = { "xport_tcp", "TCP transport module" };
-
-int
-_rad_init(void *handle)
-{
- if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
- return (-1);
-
- rad_xport_register("tcp", &t__tcp, starter);
- return (0);
-}
--- a/usr/src/cmd/rad/mod/xport_tls/Makefile Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/cmd/rad/mod/xport_tls/Makefile Fri May 18 11:08:12 2012 -0400
@@ -34,8 +34,8 @@
APISDIR=.
MOD_ADROPTS=-N
MOD_APIS=tls
-MOD_OBJS=mod_xport_tls.o rad_listen.o
-MOD_LIBNAME=mod_xport_tls.so
+MOD_OBJS=mod_tls.o rad_listen.o
+MOD_LIBNAME=mod_tls.so
MOD_INSTALLDIR=$(RADDIR_XPORT)
include ../Makefile.com
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/rad/mod/xport_tls/mod_tls.c Fri May 18 11:08:12 2012 -0400
@@ -0,0 +1,262 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/utsname.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <spawn.h>
+
+#include <rad/adr_stream.h>
+#include "rad_object.h"
+#include "rad_modapi.h"
+#include "rad_modapi_xport.h"
+#include "rad_connection.h"
+#include "rad_xport.h"
+#include "../rad_listen.h"
+
+#include "api_tls.h"
+
+static char *pam_service = "rad-tls";
+
+static boolean_t
+generate_cert(const char *cert, const char *key)
+{
+ struct utsname name;
+ struct stat st;
+ pid_t pid;
+ char buffer[1024];
+ const char *args[] = {
+ "/usr/bin/openssl", "req", "-x509", "-newkey", "rsa:1024",
+ "-days", "3650", "-sha1", "-nodes", "-keyout", key,
+ "-out", cert, "-subj", buffer, NULL };
+
+ if (stat(cert, &st) != -1 && stat(key, &st) != -1)
+ return (B_TRUE);
+
+ (void) uname(&name);
+ (void) snprintf(buffer, 1024, "/CN=Remote Administration Daemon @ %s",
+ name.nodename);
+
+ rad_log(RL_WARN, "generating key/certificate pair\n");
+ if (posix_spawn(&pid, args[0], NULL, NULL, (char **)args, NULL) != 0) {
+ rad_log(RL_ERROR, "failed to create key pair\n");
+ return (B_FALSE);
+ }
+ while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
+ ;
+
+ if (chmod(cert, 0644) == -1)
+ rad_log(RL_WARN, "failed to chmod '%s'; "
+ "certificate only readable by owner: %s", strerror(errno));
+
+ return (B_TRUE);
+}
+
+static void
+tls_run(void *arg)
+{
+ radmod_connection_t *conn = arg;
+ rad_proto_handle(conn);
+ rad_conn_free(conn);
+}
+
+static rad_moderr_t
+tls_listen(rad_thread_t *arg)
+{
+ SSL_CTX *context;
+ SSL *ssl;
+ int fd;
+ data_t *d, *data = rad_thread_arg(arg);
+
+ int port = data_to_integer(struct_get(data, "port"));
+ d = struct_get(data, "proto");
+ const char *protostr = d != NULL ? data_to_string(d) : "rad";
+ d = struct_get(data, "localonly");
+ boolean_t local = d != NULL ? data_to_boolean(d) : B_TRUE;
+ d = struct_get(data, "certificate");
+ const char *cert = data_to_string(d);
+ d = struct_get(data, "privatekey");
+ const char *key = data_to_string(d);
+ d = struct_get(data, "generate");
+ boolean_t generate = d != NULL ? data_to_boolean(d) : B_FALSE;
+ d = struct_get(data, "pam_service");
+ if (d != NULL) {
+ pam_service = (char *)data_to_string(d);
+ }
+
+ if (generate && !generate_cert(cert, key)) {
+ rad_log(RL_ERROR, "Failed to generate certificate.\n");
+ return (rm_system);
+ }
+
+ rad_protocol_t *proto = rad_proto_find(protostr);
+ if (proto == NULL) {
+ rad_log(RL_ERROR, "Unable to find protocol \"%s\".\n",
+ protostr);
+ return (rm_config);
+ }
+
+ if ((fd = listen_on_port(port, local)) < 0) {
+ rad_log(RL_ERROR, "Error starting server on port %d\n",
+ port);
+ return (rm_system);
+ }
+
+ rad_log(RL_DEBUG, "Initializing SSL library.\n");
+ (void) SSL_library_init();
+ (void) SSL_load_error_strings();
+
+ rad_log(RL_DEBUG, "Creating SSL context.\n");
+ context = SSL_CTX_new(SSLv23_method());
+ if (context == NULL) {
+ rad_log(RL_ERROR, "Unable to create SSL context.\n");
+ return (rm_system);
+ }
+ (void) SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
+
+ if (SSL_CTX_use_certificate_chain_file(context, cert) == 0) {
+ rad_log(RL_ERROR, "Unable to use cert file: %s\n", cert);
+ ERR_print_errors_fp(stderr);
+ return (rm_system);
+ }
+
+ if (SSL_CTX_use_PrivateKey_file(context, key, SSL_FILETYPE_PEM) == 0) {
+ rad_log(RL_ERROR, "Unable to use privatekey file: %s\n", key);
+ ERR_print_errors_fp(stderr);
+ return (rm_system);
+ }
+
+ rad_thread_ack(arg, rm_ok);
+ for (;;) {
+ int afd, result;
+
+ rad_log(RL_DEBUG, "Waiting for connection.\n");
+ if ((afd = accept(fd, 0, 0)) == -1) {
+ rad_log(RL_WARN, "Error in accept(): %s\n",
+ strerror(errno));
+ continue;
+ }
+ rad_log(RL_DEBUG, "Connection accepted.\n");
+
+ rad_log(RL_DEBUG, "Creating SSL.\n");
+ ssl = SSL_new(context);
+ if (ssl == NULL) {
+ rad_log(RL_WARN, "Unable to create SSL.\n");
+ (void) close(afd);
+ continue;
+ }
+
+ rad_log(RL_DEBUG, "Initiating SSL connection.\n");
+ if (!SSL_set_fd(ssl, afd)) {
+ rad_log(RL_WARN, "Unable to set SSL fd.\n");
+ goto close;
+ }
+
+ while ((result = SSL_accept(ssl)) != 1) {
+ result = SSL_get_error(ssl, result);
+
+ /* Shouldn't happen, but just in case: */
+ if (result == SSL_ERROR_WANT_READ ||
+ result == SSL_ERROR_WANT_WRITE)
+ continue;
+
+ ERR_print_errors_fp(stderr);
+ rad_log(RL_WARN,
+ "Unable to establish connection: %d\n", result);
+ goto close;
+ }
+
+ rad_log(RL_DEBUG, "Connection accepted.\n");
+ adr_stream_t *stream = adr_stream_create_ssl(ssl, afd);
+ if (stream == NULL)
+ continue;
+
+ radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
+ if (conn == NULL) {
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ rad_log(RL_WARN, "failed to allocate connection");
+ continue;
+ }
+ conn->rm_conn_xport = stream;
+ conn->rm_conn_proto_ops = proto;
+ conn->rm_conn_pam_service = pam_service;
+
+ if (rad_thread_create_async(tls_run, conn) != rm_ok) {
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ }
+
+ continue;
+close:
+ SSL_free(ssl);
+ (void) close(afd);
+ }
+}
+
+static rad_moderr_t
+starter(data_t *data)
+{
+ /*
+ * Verify parameters.
+ */
+ if (struct_get(data, "port") == NULL) {
+ rad_log(RL_ERROR, "Port required\n");
+ return (rm_config);
+ }
+
+ if (struct_get(data, "certificate") == NULL) {
+ rad_log(RL_ERROR, "Cert required\n");
+ return (rm_config);
+ }
+
+ if (struct_get(data, "privatekey") == NULL) {
+ rad_log(RL_ERROR, "Private key required\n");
+ return (rm_config);
+ }
+
+ return (rad_thread_create(tls_listen, data));
+}
+
+static rad_modinfo_t modinfo = { "xport_tls", "TLS socket transport module" };
+
+int
+_rad_init(void *handle)
+{
+ if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
+ return (-1);
+
+ rad_xport_register("tls", &t__tls, starter);
+ return (0);
+}
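Review bot: The `chmod` failure message in generate_cert has two `%s` conversions but only one argument, which reads a missing vararg and is undefined behaviour; it should be `rad_log(RL_WARN, "failed to chmod '%s'; certificate only readable by owner: %s", cert, strerror(errno));`. generate_cert also discards the child's exit status (`waitpid(pid, NULL, 0)`) and returns `B_TRUE` even when the openssl invocation fails, and the generated pair uses `rsa:1024` with `-sha1`, which the same `openssl req` command line can replace with `rsa:2048` and `-sha256`. In tls_listen, `SSL_CTX_new(SSLv23_method())` is restricted only by `SSL_OP_NO_SSLv2`; `SSL_OP_NO_SSLv3` should be OR'ed into the same `SSL_CTX_set_options` call so SSLv3 cannot be negotiated. In the accept loop, the `stream == NULL` case uses `continue`, leaving the `SSL` object and `afd` open, whereas the earlier failures use `goto close`; it should do the same.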
--- a/usr/src/cmd/rad/mod/xport_tls/mod_xport_tls.c Fri May 18 01:37:59 2012 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,262 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/utsname.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <spawn.h>
-
-#include <rad/adr_stream.h>
-#include "rad_object.h"
-#include "rad_modapi.h"
-#include "rad_modapi_xport.h"
-#include "rad_connection.h"
-#include "rad_xport.h"
-#include "../rad_listen.h"
-
-#include "api_tls.h"
-
-static char *pam_service = "rad-tls";
-
-static boolean_t
-generate_cert(const char *cert, const char *key)
-{
- struct utsname name;
- struct stat st;
- pid_t pid;
- char buffer[1024];
- const char *args[] = {
- "/usr/bin/openssl", "req", "-x509", "-newkey", "rsa:1024",
- "-days", "3650", "-sha1", "-nodes", "-keyout", key,
- "-out", cert, "-subj", buffer, NULL };
-
- if (stat(cert, &st) != -1 && stat(key, &st) != -1)
- return (B_TRUE);
-
- (void) uname(&name);
- (void) snprintf(buffer, 1024, "/CN=Remote Administration Daemon @ %s",
- name.nodename);
-
- rad_log(RL_WARN, "generating key/certificate pair\n");
- if (posix_spawn(&pid, args[0], NULL, NULL, (char **)args, NULL) != 0) {
- rad_log(RL_ERROR, "failed to create key pair\n");
- return (B_FALSE);
- }
- while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
- ;
-
- if (chmod(cert, 0644) == -1)
- rad_log(RL_WARN, "failed to chmod '%s'; "
- "certificate only readable by owner: %s", strerror(errno));
-
- return (B_TRUE);
-}
-
-static void
-tls_run(void *arg)
-{
- radmod_connection_t *conn = arg;
- rad_proto_handle(conn);
- rad_conn_free(conn);
-}
-
-static rad_moderr_t
-tls_listen(rad_thread_t *arg)
-{
- SSL_CTX *context;
- SSL *ssl;
- int fd;
- data_t *d, *data = rad_thread_arg(arg);
-
- int port = data_to_integer(struct_get(data, "port"));
- d = struct_get(data, "proto");
- const char *protostr = d != NULL ? data_to_string(d) : "rad";
- d = struct_get(data, "localonly");
- boolean_t local = d != NULL ? data_to_boolean(d) : B_TRUE;
- d = struct_get(data, "certificate");
- const char *cert = data_to_string(d);
- d = struct_get(data, "privatekey");
- const char *key = data_to_string(d);
- d = struct_get(data, "generate");
- boolean_t generate = d != NULL ? data_to_boolean(d) : B_FALSE;
- d = struct_get(data, "pam_service");
- if (d != NULL) {
- pam_service = (char *)data_to_string(d);
- }
-
- if (generate && !generate_cert(cert, key)) {
- rad_log(RL_ERROR, "Failed to generate certificate.\n");
- return (rm_system);
- }
-
- rad_protocol_t *proto = rad_proto_find(protostr);
- if (proto == NULL) {
- rad_log(RL_ERROR, "Unable to find protocol \"%s\".\n",
- protostr);
- return (rm_config);
- }
-
- if ((fd = listen_on_port(port, local)) < 0) {
- rad_log(RL_ERROR, "Error starting server on port %d\n",
- port);
- return (rm_system);
- }
-
- rad_log(RL_DEBUG, "Initializing SSL library.\n");
- (void) SSL_library_init();
- (void) SSL_load_error_strings();
-
- rad_log(RL_DEBUG, "Creating SSL context.\n");
- context = SSL_CTX_new(SSLv23_method());
- if (context == NULL) {
- rad_log(RL_ERROR, "Unable to create SSL context.\n");
- return (rm_system);
- }
- (void) SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
-
- if (SSL_CTX_use_certificate_chain_file(context, cert) == 0) {
- rad_log(RL_ERROR, "Unable to use cert file: %s\n", cert);
- ERR_print_errors_fp(stderr);
- return (rm_system);
- }
-
- if (SSL_CTX_use_PrivateKey_file(context, key, SSL_FILETYPE_PEM) == 0) {
- rad_log(RL_ERROR, "Unable to use privatekey file: %s\n", key);
- ERR_print_errors_fp(stderr);
- return (rm_system);
- }
-
- rad_thread_ack(arg, rm_ok);
- for (;;) {
- int afd, result;
-
- rad_log(RL_DEBUG, "Waiting for connection.\n");
- if ((afd = accept(fd, 0, 0)) == -1) {
- rad_log(RL_WARN, "Error in accept(): %s\n",
- strerror(errno));
- continue;
- }
- rad_log(RL_DEBUG, "Connection accepted.\n");
-
- rad_log(RL_DEBUG, "Creating SSL.\n");
- ssl = SSL_new(context);
- if (ssl == NULL) {
- rad_log(RL_WARN, "Unable to create SSL.\n");
- (void) close(afd);
- continue;
- }
-
- rad_log(RL_DEBUG, "Initiating SSL connection.\n");
- if (!SSL_set_fd(ssl, afd)) {
- rad_log(RL_WARN, "Unable to set SSL fd.\n");
- goto close;
- }
-
- while ((result = SSL_accept(ssl)) != 1) {
- result = SSL_get_error(ssl, result);
-
- /* Shouldn't happen, but just in case: */
- if (result == SSL_ERROR_WANT_READ ||
- result == SSL_ERROR_WANT_WRITE)
- continue;
-
- ERR_print_errors_fp(stderr);
- rad_log(RL_WARN,
- "Unable to establish connection: %d\n", result);
- goto close;
- }
-
- rad_log(RL_DEBUG, "Connection accepted.\n");
- adr_stream_t *stream = adr_stream_create_ssl(ssl, afd);
- if (stream == NULL)
- continue;
-
- radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
- if (conn == NULL) {
- adr_stream_close(stream);
- adr_stream_free(stream);
- rad_log(RL_WARN, "failed to allocate connection");
- continue;
- }
- conn->rm_conn_xport = stream;
- conn->rm_conn_proto_ops = proto;
- conn->rm_conn_pam_service = pam_service;
-
- if (rad_thread_create_async(tls_run, conn) != rm_ok) {
- rad_conn_close(conn);
- rad_conn_free(conn);
- }
-
- continue;
-close:
- SSL_free(ssl);
- (void) close(afd);
- }
-}
-
-static rad_moderr_t
-starter(data_t *data)
-{
- /*
- * Verify parameters.
- */
- if (struct_get(data, "port") == NULL) {
- rad_log(RL_ERROR, "Port required\n");
- return (rm_config);
- }
-
- if (struct_get(data, "certificate") == NULL) {
- rad_log(RL_ERROR, "Cert required\n");
- return (rm_config);
- }
-
- if (struct_get(data, "privatekey") == NULL) {
- rad_log(RL_ERROR, "Private key required\n");
- return (rm_config);
- }
-
- return (rad_thread_create(tls_listen, data));
-}
-
-static rad_modinfo_t modinfo = { "xport_tls", "TLS socket transport module" };
-
-int
-_rad_init(void *handle)
-{
- if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
- return (-1);
-
- rad_xport_register("tls", &t__tls, starter);
- return (0);
-}
--- a/usr/src/cmd/rad/mod/xport_unix/Makefile Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/cmd/rad/mod/xport_unix/Makefile Fri May 18 11:08:12 2012 -0400
@@ -30,8 +30,8 @@
MOD_ADROPTS=-N
MOD_APIS=unix
-MOD_OBJS=mod_xport_unix.o
-MOD_LIBNAME=mod_xport_unix.so
+MOD_OBJS=mod_unix.o
+MOD_LIBNAME=mod_unix.so
MOD_INSTALLDIR=$(RADDIR_XPORT)
include ../Makefile.com
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/rad/mod/xport_unix/mod_unix.c Fri May 18 11:08:12 2012 -0400
@@ -0,0 +1,301 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <bsm/adt_event.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <ucred.h>
+#include <zone.h>
+
+#include <rad/adr_stream.h>
+#include "rad_object.h"
+#include "rad_modapi.h"
+#include "rad_modapi_xport.h"
+#include "rad_connection.h"
+#include "rad_xport.h"
+
+#include "api_unix.h"
+
+static char *pam_service = "rad-unix";
+
+static boolean_t
+sockaddr_init(struct sockaddr_un *addr, const char *name)
+{
+ size_t namelen;
+ size_t addrlen;
+
+ (void) memset(addr, 0, sizeof (*addr));
+ addr->sun_family = AF_UNIX;
+
+ namelen = strlen(name);
+ addrlen = sizeof (addr->sun_path);
+
+ if (namelen >= addrlen)
+ return (B_FALSE);
+
+ (void) strlcpy(addr->sun_path, name, sizeof (addr->sun_path));
+ return (B_TRUE);
+}
+
+static int
+create_tmpdir(const char *name)
+{
+ int retval = 0;
+ struct stat st;
+ mode_t um;
+
+ int i = strncmp(name, RAD_TMPDIR "/", strlen(RAD_TMPDIR "/"));
+
+ if (i == 0) { /* Default path specified */
+ if (stat(RAD_TMPDIR, &st) == 0) {
+ if (!S_ISDIR(st.st_mode)) {
+ rad_log(RL_ERROR, "file '%s' exists.",
+ RAD_TMPDIR);
+ retval = -1;
+ }
+ } else if (errno == ENOENT) { /* Create it */
+ um = umask(0);
+ i = mkdir(RAD_TMPDIR, S_IRWXU | S_IRWXG | S_IRWXO);
+ (void) umask(um);
+ if (i != 0) {
+ rad_log(RL_ERROR, "error creating '%s': %s."
+ RAD_TMPDIR, strerror(errno));
+ retval = -1;
+ }
+ } else {
+ rad_log(RL_ERROR, "error creating '%s': %s."
+ RAD_TMPDIR, strerror(errno));
+ retval = -1;
+ }
+ }
+ return (retval);
+}
+
+static int
+listen_on_name(const char *name)
+{
+ int fd;
+ struct sockaddr_un addr;
+
+ if (create_tmpdir(name) != 0)
+ return (-1);
+
+ if (unlink(name) == -1 && errno != ENOENT) {
+ rad_log(RL_ERROR, "unlink of '%s' failed: %s", name,
+ strerror(errno));
+ return (-1);
+ }
+
+ if (!sockaddr_init(&addr, name)) {
+ rad_log(RL_ERROR, "socket name '%s' too long", name);
+ return (-1);
+ }
+
+ if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ rad_log(RL_ERROR, "socket failed: %s", strerror(errno));
+ return (-1);
+ }
+
+ if (bind(fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) {
+ rad_log(RL_ERROR, "bind to '%s' failed: %s", name,
+ strerror(errno));
+ (void) close(fd);
+ return (-1);
+ }
+
+ if (listen(fd, 15) == -1) {
+ rad_log(RL_ERROR, "listen on '%s' failed: %s", name,
+ strerror(errno));
+ return (-1);
+ }
+
+ return (fd);
+}
+
+/*
+ * Determines if the ucred represents someone who is effectively us.
+ */
+static boolean_t
+sent_by_joe(ucred_t *uc)
+{
+ const priv_set_t *theirprivs;
+ priv_set_t *myprivs = priv_allocset();
+ if (myprivs == NULL) {
+ rad_log(RL_ERROR, "failed to allocate privilege set");
+ return (B_FALSE);
+ }
+
+ /* Could handle this "gracefully", but it isn't supposed to fail */
+ if (getppriv(PRIV_PERMITTED, myprivs) == -1)
+ rad_log(RL_FATAL, "getppriv(PRIV_PERMITTED) failed: %s",
+ strerror(errno));
+
+ if (uc == NULL ||
+ ucred_geteuid(uc) != getuid() ||
+ ucred_getzoneid(uc) != getzoneid() ||
+ (theirprivs = ucred_getprivset(uc, PRIV_EFFECTIVE)) == NULL ||
+ !priv_issubset(myprivs, theirprivs)) {
+ priv_freeset(myprivs);
+ rad_log(RL_WARN, "unprivileged client (uid=%d) "
+ "attempted connection to control port", ucred_geteuid(uc));
+ return (B_FALSE);
+ }
+
+ priv_freeset(myprivs);
+ return (B_TRUE);
+}
+
+static void
+unix_run(void *arg)
+{
+ radmod_connection_t *conn = arg;
+ rad_proto_handle(conn);
+ rad_conn_free(conn);
+}
+
+static rad_moderr_t
+unix_listen(rad_thread_t *arg)
+{
+ data_t *data = rad_thread_arg(arg);
+ int fd;
+ data_t *d, *path = struct_get(data, "path");
+ d = struct_get(data, "proto");
+ const char *protostr = d != NULL ? data_to_string(d) : "rad";
+ d = struct_get(data, "control");
+ boolean_t control = d != NULL ? data_to_boolean(d) : B_FALSE;
+ d = struct_get(data, "peercred");
+ boolean_t peercred = d != NULL ? data_to_boolean(d) : B_TRUE;
+ d = struct_get(data, "pam_service");
+ if (d != NULL) {
+ pam_service = (char *)data_to_string(d);
+ }
+
+ rad_protocol_t *proto = rad_proto_find(protostr);
+ if (proto == NULL) {
+ rad_log(RL_ERROR, "Unable to find protocol \"%s\".", protostr);
+ return (rm_config);
+ }
+
+ if ((fd = listen_on_name(data_to_string(path))) < 0) {
+ rad_log(RL_ERROR, "Error starting AF_UNIX server: %s",
+ strerror(errno));
+ return (rm_system);
+ }
+
+ rad_thread_ack(arg, rm_ok);
+ for (;;) {
+ int afd;
+
+ rad_log(RL_DEBUG, "Waiting for connection.\n");
+ if ((afd = accept(fd, 0, 0)) == -1) {
+ rad_log(RL_WARN, "Error in accept(): %s\n",
+ strerror(errno));
+ continue;
+ }
+ rad_log(RL_DEBUG, "Connection accepted.\n");
+
+ /* subject allocation failure and missing ucred are conflated */
+ rad_subject_t *subject = peercred ?
+ rad_subject_create_fd(afd, pam_service) : NULL;
+
+ if (control) {
+ if (subject == NULL) {
+ (void) close(afd);
+ continue;
+ }
+
+ if (!sent_by_joe(subject->rs_ucred)) {
+ rad_subject_unref(subject);
+ (void) close(afd);
+ continue;
+ }
+ rad_log(RL_DEBUG,
+ "accepting connection on control port");
+ subject->rs_control = B_TRUE;
+ }
+
+ adr_stream_t *stream = adr_stream_create_fd(afd);
+ if (stream == NULL)
+ continue;
+
+ radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
+ if (conn == NULL) {
+ adr_stream_close(stream);
+ adr_stream_free(stream);
+ rad_log(RL_WARN, "failed to allocate connection");
+ continue;
+ }
+ conn->rm_conn_xport = stream;
+ conn->rm_conn_proto_ops = proto;
+ conn->rm_conn_pam_service = pam_service;
+
+ if (subject != NULL &&
+ !rad_conn_setsubject(conn, subject)) {
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ rad_log(RL_WARN, "failed to set connection subject");
+ continue;
+ }
+
+ if (rad_thread_create_async(unix_run, conn) != rm_ok) {
+ rad_conn_close(conn);
+ rad_conn_free(conn);
+ }
+ }
+}
+
+static rad_moderr_t
+starter(data_t *data)
+{
+ data_t *path = struct_get(data, "path");
+
+ if (path == NULL) {
+ rad_log(RL_ERROR, "Unix domain socket requires path\n");
+ return (rm_config);
+ }
+
+ return (rad_thread_create(unix_listen, data));
+}
+
+static rad_modinfo_t modinfo = {
+ "xport_unix", "unix domain socket transport module",
+};
+
+int
+_rad_init(void *handle)
+{
+ if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
+ return (-1);
+
+ rad_xport_register("unix", &t__unix, starter);
+ return (0);
+}
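Review bot: Both error logs in create_tmpdir's failure branches are missing a comma before `RAD_TMPDIR`, so the macro is concatenated onto the format string and `strerror(errno)` becomes the only argument for two `%s` conversions; the second `%s` then consumes an unsupplied vararg, which is undefined behaviour and will most likely crash on exactly the error path it is meant to report. Each should read `rad_log(RL_ERROR, "error creating '%s': %s.", RAD_TMPDIR, strerror(errno));`. Separately, the default directory is created under umask(0) with mode 0777 but without the sticky bit, so if RAD_TMPDIR is ever shared by more than one uid any local user can unlink the daemon's socket and bind their own at that path before the next restart; if world-writability is intended (the reason is not visible in this file), `S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX` would at least prevent removal by other users. Two smaller points: the listen() failure branch in listen_on_name returns without closing fd (the bind() branch does), and sent_by_joe's warning calls `ucred_geteuid(uc)` even when the first test in the condition was `uc == NULL`, which presumably dereferences a null ucred inside libc — log a fixed uid in that case.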
--- a/usr/src/cmd/rad/mod/xport_unix/mod_xport_unix.c Fri May 18 01:37:59 2012 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,301 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <bsm/adt_event.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <pthread.h>
-#include <ucred.h>
-#include <zone.h>
-
-#include <rad/adr_stream.h>
-#include "rad_object.h"
-#include "rad_modapi.h"
-#include "rad_modapi_xport.h"
-#include "rad_connection.h"
-#include "rad_xport.h"
-
-#include "api_unix.h"
-
-static char *pam_service = "rad-unix";
-
-static boolean_t
-sockaddr_init(struct sockaddr_un *addr, const char *name)
-{
- size_t namelen;
- size_t addrlen;
-
- (void) memset(addr, 0, sizeof (*addr));
- addr->sun_family = AF_UNIX;
-
- namelen = strlen(name);
- addrlen = sizeof (addr->sun_path);
-
- if (namelen >= addrlen)
- return (B_FALSE);
-
- (void) strlcpy(addr->sun_path, name, sizeof (addr->sun_path));
- return (B_TRUE);
-}
-
-static int
-create_tmpdir(const char *name)
-{
- int retval = 0;
- struct stat st;
- mode_t um;
-
- int i = strncmp(name, RAD_TMPDIR "/", strlen(RAD_TMPDIR "/"));
-
- if (i == 0) { /* Default path specified */
- if (stat(RAD_TMPDIR, &st) == 0) {
- if (!S_ISDIR(st.st_mode)) {
- rad_log(RL_ERROR, "file '%s' exists.",
- RAD_TMPDIR);
- retval = -1;
- }
- } else if (errno == ENOENT) { /* Create it */
- um = umask(0);
- i = mkdir(RAD_TMPDIR, S_IRWXU | S_IRWXG | S_IRWXO);
- (void) umask(um);
- if (i != 0) {
- rad_log(RL_ERROR, "error creating '%s': %s."
- RAD_TMPDIR, strerror(errno));
- retval = -1;
- }
- } else {
- rad_log(RL_ERROR, "error creating '%s': %s."
- RAD_TMPDIR, strerror(errno));
- retval = -1;
- }
- }
- return (retval);
-}
-
-static int
-listen_on_name(const char *name)
-{
- int fd;
- struct sockaddr_un addr;
-
- if (create_tmpdir(name) != 0)
- return (-1);
-
- if (unlink(name) == -1 && errno != ENOENT) {
- rad_log(RL_ERROR, "unlink of '%s' failed: %s", name,
- strerror(errno));
- return (-1);
- }
-
- if (!sockaddr_init(&addr, name)) {
- rad_log(RL_ERROR, "socket name '%s' too long", name);
- return (-1);
- }
-
- if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
- rad_log(RL_ERROR, "socket failed: %s", strerror(errno));
- return (-1);
- }
-
- if (bind(fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) {
- rad_log(RL_ERROR, "bind to '%s' failed: %s", name,
- strerror(errno));
- (void) close(fd);
- return (-1);
- }
-
- if (listen(fd, 15) == -1) {
- rad_log(RL_ERROR, "listen on '%s' failed: %s", name,
- strerror(errno));
- return (-1);
- }
-
- return (fd);
-}
-
-/*
- * Determines if the ucred represents someone who is effectively us.
- */
-static boolean_t
-sent_by_joe(ucred_t *uc)
-{
- const priv_set_t *theirprivs;
- priv_set_t *myprivs = priv_allocset();
- if (myprivs == NULL) {
- rad_log(RL_ERROR, "failed to allocate privilege set");
- return (B_FALSE);
- }
-
- /* Could handle this "gracefully", but it isn't supposed to fail */
- if (getppriv(PRIV_PERMITTED, myprivs) == -1)
- rad_log(RL_FATAL, "getppriv(PRIV_PERMITTED) failed: %s",
- strerror(errno));
-
- if (uc == NULL ||
- ucred_geteuid(uc) != getuid() ||
- ucred_getzoneid(uc) != getzoneid() ||
- (theirprivs = ucred_getprivset(uc, PRIV_EFFECTIVE)) == NULL ||
- !priv_issubset(myprivs, theirprivs)) {
- priv_freeset(myprivs);
- rad_log(RL_WARN, "unprivileged client (uid=%d) "
- "attempted connection to control port", ucred_geteuid(uc));
- return (B_FALSE);
- }
-
- priv_freeset(myprivs);
- return (B_TRUE);
-}
-
-static void
-unix_run(void *arg)
-{
- radmod_connection_t *conn = arg;
- rad_proto_handle(conn);
- rad_conn_free(conn);
-}
-
-static rad_moderr_t
-unix_listen(rad_thread_t *arg)
-{
- data_t *data = rad_thread_arg(arg);
- int fd;
- data_t *d, *path = struct_get(data, "path");
- d = struct_get(data, "proto");
- const char *protostr = d != NULL ? data_to_string(d) : "rad";
- d = struct_get(data, "control");
- boolean_t control = d != NULL ? data_to_boolean(d) : B_FALSE;
- d = struct_get(data, "peercred");
- boolean_t peercred = d != NULL ? data_to_boolean(d) : B_TRUE;
- d = struct_get(data, "pam_service");
- if (d != NULL) {
- pam_service = (char *)data_to_string(d);
- }
-
- rad_protocol_t *proto = rad_proto_find(protostr);
- if (proto == NULL) {
- rad_log(RL_ERROR, "Unable to find protocol \"%s\".", protostr);
- return (rm_config);
- }
-
- if ((fd = listen_on_name(data_to_string(path))) < 0) {
- rad_log(RL_ERROR, "Error starting AF_UNIX server: %s",
- strerror(errno));
- return (rm_system);
- }
-
- rad_thread_ack(arg, rm_ok);
- for (;;) {
- int afd;
-
- rad_log(RL_DEBUG, "Waiting for connection.\n");
- if ((afd = accept(fd, 0, 0)) == -1) {
- rad_log(RL_WARN, "Error in accept(): %s\n",
- strerror(errno));
- continue;
- }
- rad_log(RL_DEBUG, "Connection accepted.\n");
-
- /* subject allocation failure and missing ucred are conflated */
- rad_subject_t *subject = peercred ?
- rad_subject_create_fd(afd, pam_service) : NULL;
-
- if (control) {
- if (subject == NULL) {
- (void) close(afd);
- continue;
- }
-
- if (!sent_by_joe(subject->rs_ucred)) {
- rad_subject_unref(subject);
- (void) close(afd);
- continue;
- }
- rad_log(RL_DEBUG,
- "accepting connection on control port");
- subject->rs_control = B_TRUE;
- }
-
- adr_stream_t *stream = adr_stream_create_fd(afd);
- if (stream == NULL)
- continue;
-
- radmod_connection_t *conn = rad_conn_create_fd(afd, B_TRUE);
- if (conn == NULL) {
- adr_stream_close(stream);
- adr_stream_free(stream);
- rad_log(RL_WARN, "failed to allocate connection");
- continue;
- }
- conn->rm_conn_xport = stream;
- conn->rm_conn_proto_ops = proto;
- conn->rm_conn_pam_service = pam_service;
-
- if (subject != NULL &&
- !rad_conn_setsubject(conn, subject)) {
- rad_conn_close(conn);
- rad_conn_free(conn);
- rad_log(RL_WARN, "failed to set connection subject");
- continue;
- }
-
- if (rad_thread_create_async(unix_run, conn) != rm_ok) {
- rad_conn_close(conn);
- rad_conn_free(conn);
- }
- }
-}
-
-static rad_moderr_t
-starter(data_t *data)
-{
- data_t *path = struct_get(data, "path");
-
- if (path == NULL) {
- rad_log(RL_ERROR, "Unix domain socket requires path\n");
- return (rm_config);
- }
-
- return (rad_thread_create(unix_listen, data));
-}
-
-static rad_modinfo_t modinfo = {
- "xport_unix", "unix domain socket transport module",
-};
-
-int
-_rad_init(void *handle)
-{
- if (rad_module_register(handle, RAD_MODVERSION, &modinfo) == -1)
- return (-1);
-
- rad_xport_register("unix", &t__unix, starter);
- return (0);
-}
--- a/usr/src/java/rad/com/oracle/solaris/rad/PrivateTransport.java Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/java/rad/com/oracle/solaris/rad/PrivateTransport.java Fri May 18 11:08:12 2012 -0400
@@ -33,7 +33,7 @@
private static final String RAD_PATH = "/usr/lib/rad/rad";
private static final String RAD_MOD_XPORT =
- "/usr/lib/rad/transport/mod_xport_pipe.so";
+ "/usr/lib/rad/transport/mod_pipe.so";
private static final String RAD_MOD_PROTO =
"/usr/lib/rad/protocol/mod_proto_rad.so";
--- a/usr/src/lib/pyrad/util.py Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/lib/pyrad/util.py Fri May 18 11:08:12 2012 -0400
@@ -143,7 +143,7 @@
List[string]: A list containing a command plus arguments
"""
cmd = [_map_path(root, "/usr/lib/rad/rad"),
- "-M", _map_path(root, "/usr/lib/rad/transport/mod_xport_pipe.so"),
+ "-M", _map_path(root, "/usr/lib/rad/transport/mod_pipe.so"),
"-M", _map_path(root, "/usr/lib/rad/protocol/mod_proto_rad.so")]
if modules is not None:
--- a/usr/src/test/java/src/client/ConnectTest.java Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/test/java/src/client/ConnectTest.java Fri May 18 11:08:12 2012 -0400
@@ -175,7 +175,7 @@
};
// Set up server.
- setUpCommon(auxargs, "/usr/lib/rad/transport/mod_xport_tcp.so");
+ setUpCommon(auxargs, "/usr/lib/rad/transport/mod_tcp.so");
testConnection(getMBSC());
// Perform test.
@@ -202,7 +202,7 @@
// Set up server.
setUpTestDir();
- setUpCommon(auxargs, "/usr/lib/rad/transport/mod_xport_tls.so");
+ setUpCommon(auxargs, "/usr/lib/rad/transport/mod_tls.so");
MBeanServerConnection xxx = getMBSC();
// testConnection(xxx);
@@ -237,7 +237,7 @@
// Set up server.
setUpTestDir();
- setUpCommon(auxargs, "/usr/lib/rad/transport/mod_xport_unix.so");
+ setUpCommon(auxargs, "/usr/lib/rad/transport/mod_unix.so");
testConnection(getMBSC());
@@ -260,7 +260,7 @@
"tcp:localonly=false,port=" + port
};
String[] modules = new String[] {
- "/usr/lib/rad/transport/mod_xport_tcp.so"
+ "/usr/lib/rad/transport/mod_tcp.so"
};
// Set up server.
@@ -292,7 +292,7 @@
",privatekey=" + getRemotePrivateKeyFile().getAbsolutePath()
};
String[] modules = new String[] {
- "/usr/lib/rad/transport/mod_xport_tls.so"
+ "/usr/lib/rad/transport/mod_tls.so"
};
// Set up server.
@@ -348,7 +348,7 @@
",privatekey=" + getRemotePrivateKeyFile().getAbsolutePath()
};
String[] modules = new String[] {
- "/usr/lib/rad/transport/mod_xport_tls.so"
+ "/usr/lib/rad/transport/mod_tls.so"
};
// Set up server.
--- a/usr/src/test/java/src/client/RadRequestBase.java Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/test/java/src/client/RadRequestBase.java Fri May 18 11:08:12 2012 -0400
@@ -81,7 +81,7 @@
new String [] {"-t", "tcp:" + noauth + "port=" + TCP_PORT +
",localonly=false"},
"/usr/lib/rad/module/mod_test.so",
- "/usr/lib/rad/transport/mod_xport_tcp.so");
+ "/usr/lib/rad/transport/mod_tcp.so");
assertTrue(isRadReady());
--- a/usr/src/test/python/client/test_connect.py Fri May 18 01:37:59 2012 -0400
+++ b/usr/src/test/python/client/test_connect.py Fri May 18 11:08:12 2012 -0400
@@ -57,7 +57,7 @@
#
class TCP(object):
def get_modules(self):
- return ["/usr/lib/rad/transport/mod_xport_tcp.so"]
+ return ["/usr/lib/rad/transport/mod_tcp.so"]
#
# default implementation of RADCommon.get_modules() for all classes using the
@@ -65,7 +65,7 @@
#
class TLS(object):
def get_modules(self):
- return ["/usr/lib/rad/transport/mod_xport_tls.so"]
+ return ["/usr/lib/rad/transport/mod_tls.so"]
#
# Base class for all connection tests.
@@ -173,7 +173,7 @@
#
class ConnectTestLocalAFUNIX(ConnectTestLocal):
def get_modules(self):
- return ["/usr/lib/rad/transport/mod_xport_unix.so"]
+ return ["/usr/lib/rad/transport/mod_unix.so"]
def get_unix_path(self):
return os.path.join(TEST_DIRNAME, AFUNIX_FILENAME)