Print this page
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Revert "NEX-5801 Snapshots left over after failed backups"
This reverts commit f182fb95f09036db71fbfc6f0a6b90469b761f21.
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-2911 NDMP logging should use syslog and is too chatty
NEX-559 NDMP cannot backup/restore a file which spans multiple tapes
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/ndmpd/ndmp/ndmpd_connect.c
+++ new/usr/src/cmd/ndmpd/ndmp/ndmpd_connect.c
1 1 /*
2 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 3 * Use is subject to license terms.
4 4 */
5 -
6 5 /*
7 6 * BSD 3 Clause License
8 7 *
9 8 * Copyright (c) 2007, The Storage Networking Industry Association.
10 9 *
11 10 * Redistribution and use in source and binary forms, with or without
12 11 * modification, are permitted provided that the following conditions
13 12 * are met:
14 13 * - Redistributions of source code must retain the above copyright
15 14 * notice, this list of conditions and the following disclaimer.
16 15 *
17 16 * - Redistributions in binary form must reproduce the above copyright
18 17 * notice, this list of conditions and the following disclaimer in
19 18 * the documentation and/or other materials provided with the
20 19 * distribution.
21 20 *
22 21 * - Neither the name of The Storage Networking Industry Association (SNIA)
23 22 * nor the names of its contributors may be used to endorse or promote
24 23 * products derived from this software without specific prior written
25 24 * permission.
26 25 *
27 26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
28 27 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
31 30 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 36 * POSSIBILITY OF SUCH DAMAGE.
38 37 */
39 38 /* Copyright (c) 2007, The Storage Networking Industry Association. */
40 39 /* Copyright (c) 1996, 1997 PDC, Network Appliance. All Rights Reserved */
41 -/* Copyright 2014 Nexenta Systems, Inc. All rights reserved. */
40 +/* Copyright 2016 Nexenta Systems, Inc. All rights reserved. */
42 41
43 42 #include <sys/types.h>
44 43 #include <errno.h>
45 44 #include <pwd.h>
45 +#include <syslog.h>
46 46 #include <sys/socket.h>
47 47 #include <netinet/in.h>
48 48 #include <sys/queue.h>
49 49 #include <arpa/inet.h>
50 50 #include <md5.h>
51 51 #include <shadow.h>
52 52 #include <crypt.h>
53 53 #include <alloca.h>
54 54 #include "ndmpd_common.h"
55 55 #include "ndmpd.h"
56 56 #include <libndmp.h>
57 57 #include <ndmpd_door.h>
58 58 #include <security/pam_appl.h>
59 59
60 60
61 61 static int ndmpd_connect_auth_text(char *uname, char *auth_id,
62 62 char *auth_password);
63 63 static int ndmpd_connect_auth_md5(char *uname, char *auth_id, char *auth_digest,
64 64 unsigned char *auth_challenge);
65 65 static struct conn_list *ndmp_connect_list_find(ndmp_connection_t *connection);
66 66 static void create_md5_digest(unsigned char *digest, char *passwd,
67 67 unsigned char *challenge);
68 68 static struct conn_list *ndmp_connect_list_find_id(int id);
69 69
70 70 /* routines for connection info */
71 71 void ndmp_connect_list_get(ndmp_door_ctx_t *enc_ctx);
72 72 static void connection_get(struct conn_list *clp, ndmp_door_ctx_t *enc_ctx);
73 73 static void ndmp_connect_get_conn(struct conn_list *clp,
74 74 ndmp_door_ctx_t *enc_ctx);
75 75 static void ndmp_connect_get_v2(ndmp_connection_t *connection,
76 76 ndmp_door_ctx_t *enc_ctx);
77 77 static void ndmp_connect_get_scsi_v2(ndmpd_session_t *session,
78 78 ndmp_door_ctx_t *enc_ctx);
79 79 static void ndmp_connect_get_tape_v2(ndmpd_session_t *session,
80 80 ndmp_door_ctx_t *enc_ctx);
81 81 static void ndmp_connect_get_mover_v2(ndmpd_session_t *session,
82 82 ndmp_door_ctx_t *enc_ctx);
83 83 static void ndmp_connect_get_data_v2(ndmpd_session_t *session,
84 84 ndmp_door_ctx_t *enc_ctx);
85 85 static void ndmp_connect_get_v3(ndmp_connection_t *connection,
86 86 ndmp_door_ctx_t *enc_ctx);
87 87 static void ndmp_connect_get_mover_v3(ndmpd_session_t *session,
88 88 ndmp_door_ctx_t *enc_ctx);
89 89 static void ndmp_connect_get_data_v3(ndmpd_session_t *session,
90 90 ndmp_door_ctx_t *enc_ctx);
91 91 void ndmpd_get_devs(ndmp_door_ctx_t *enc_ctx);
92 92
93 93 #ifndef LIST_FOREACH
94 94 #define LIST_FOREACH(var, head, field) \
95 95 for ((var) = (head)->lh_first; (var); (var) = (var)->field.le_next)
96 96 #endif /* LIST_FOREACH */
97 97
98 98 /*
99 99 * List of active connections.
100 100 */
101 101 struct conn_list {
102 102 LIST_ENTRY(conn_list) cl_q;
103 103 int cl_id;
104 104 ndmp_connection_t *cl_conn;
105 105 };
106 106 LIST_HEAD(cl_head, conn_list);
107 107
108 108 /*
109 109 * Head of the active connections.
110 110 */
111 111 static struct cl_head cl_head;
112 112
113 113 mutex_t cl_mutex = DEFAULTMUTEX;
114 114
115 115
116 116 /*
117 117 * Set this variable to non-zero to print verbose information.
118 118 */
119 119 int ndmp_connect_print_verbose = 0;
120 120
121 121
122 122 /*
123 123 * ************************************************************************
124 124 * NDMP V2 HANDLERS
125 125 * ************************************************************************
126 126 */
127 127
128 128 /*
129 129 * ndmpd_connect_open_v2
130 130 *
131 131 * This handler sets the protocol version to be used on the connection.
132 132 *
133 133 * Parameters:
134 134 * connection (input) - connection handle.
135 135 * body (input) - request message body.
136 136 *
137 137 * Returns:
138 138 * void
139 139 */
140 140
141 141 void
142 142 ndmpd_connect_open_v2(ndmp_connection_t *connection, void *body)
143 143 {
144 144 ndmp_connect_open_request *request = (ndmp_connect_open_request *)body;
145 145 ndmp_connect_open_reply reply;
146 146 ndmpd_session_t *session;
147 147
148 148 reply.error = NDMP_NO_ERR;
149 149
150 150 if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
151 151 return;
152 152
153 153 if (session->ns_mover.md_state != NDMP_MOVER_STATE_IDLE ||
154 154 session->ns_data.dd_state != NDMP_DATA_STATE_IDLE)
155 155 reply.error = NDMP_ILLEGAL_STATE_ERR;
156 156 else if (request->protocol_version > ndmp_ver)
157 157 reply.error = NDMP_ILLEGAL_ARGS_ERR;
158 158
|
↓ open down ↓ |
103 lines elided |
↑ open up ↑ |
159 159 ndmp_send_reply(connection, (void *) &reply,
160 160 "sending connect_open reply");
161 161
162 162 /*
163 163 * Set the protocol version.
164 164 * Must wait until after sending the reply since the reply
165 165 * must be sent using the same protocol version that was used
166 166 * to process the request.
167 167 */
168 168 if (reply.error == NDMP_NO_ERR) {
169 - NDMP_LOG(LOG_DEBUG, "set ver to: %d",
170 - request->protocol_version);
171 169 ndmp_set_version(connection, request->protocol_version);
172 170 session->ns_protocol_version = request->protocol_version;
173 171 }
174 172 }
175 173
176 174
177 175 /*
178 176 * ndmpd_connect_client_auth_v2
179 177 *
180 178 * This handler authorizes the NDMP connection.
181 179 *
182 180 * Parameters:
183 181 * connection (input) - connection handle.
184 182 * msginfo (input) - request message.
185 183 *
186 184 * Returns:
187 185 * void
188 186 */
189 187 void
190 188 ndmpd_connect_client_auth_v2(ndmp_connection_t *connection, void *body)
191 189 {
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
192 190 ndmp_connect_client_auth_request *request;
193 191 ndmp_connect_client_auth_reply reply;
194 192 ndmp_auth_text *auth;
195 193 ndmpd_session_t *session;
196 194 ndmp_auth_md5 *md5;
197 195 unsigned char md5_digest[16];
198 196 char *passwd, *dec_passwd;
199 197 char *uname;
200 198
201 199 request = (ndmp_connect_client_auth_request *)body;
202 - NDMP_LOG(LOG_DEBUG, "auth_type:%s",
203 - request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
204 - (request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
205 - (request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" :
206 - "Invalid")));
207 200
208 201 reply.error = NDMP_NO_ERR;
209 202
210 203 switch (request->auth_data.auth_type) {
211 204 case NDMP_AUTH_NONE:
212 205 /*
213 206 * Allow no authorization for development.
214 207 * Comment the following for a non-secure production server.
215 208 */
216 - NDMP_LOG(LOG_ERR, "Authorization denied.");
217 - NDMP_LOG(LOG_ERR,
209 + syslog(LOG_ERR, "Authorization denied.");
210 + syslog(LOG_ERR,
218 211 "Authorization type should be md5 or cleartext.");
219 212 reply.error = NDMP_ILLEGAL_ARGS_ERR;
220 213 ndmpd_audit_connect(connection, EINVAL);
221 214 break;
222 215
223 216 case NDMP_AUTH_TEXT:
224 217 /* Check authorization. */
225 218 if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
226 219 *uname == 0) {
227 - NDMP_LOG(LOG_ERR, "Authorization denied.");
228 - NDMP_LOG(LOG_ERR, "User name is not set at server.");
220 + syslog(LOG_ERR, "Authorization denied.");
221 + syslog(LOG_ERR, "User name is not set at server.");
229 222 reply.error = NDMP_NOT_AUTHORIZED_ERR;
230 223 ndmp_set_authorized(connection, FALSE);
231 224 ndmp_send_reply(connection, (void *) &reply,
232 225 "sending ndmp_connect_client_auth reply");
233 226 ndmpd_audit_connect(connection,
234 227 ADT_FAIL_PAM + PAM_AUTH_ERR);
235 228 return;
236 229 }
237 230 auth = &request->auth_data.ndmp_auth_data_u.auth_text;
238 231 if (strcmp(uname, auth->user) != 0) {
239 - NDMP_LOG(LOG_ERR,
232 + syslog(LOG_ERR,
240 233 "Authorization denied. Not a valid user.");
241 234 reply.error = NDMP_NOT_AUTHORIZED_ERR;
242 235 ndmpd_audit_connect(connection,
243 236 ADT_FAIL_PAM + PAM_AUTH_ERR);
244 237 break;
245 238 }
246 239 passwd = ndmpd_get_prop(NDMP_CLEARTEXT_PASSWORD);
247 240 if (!passwd || !*passwd) {
248 - NDMP_LOG(LOG_ERR, "Authorization denied.");
249 - NDMP_LOG(LOG_ERR,
241 + syslog(LOG_ERR, "Authorization denied.");
242 + syslog(LOG_ERR,
250 243 "Cleartext password is not set at server.");
251 244 reply.error = NDMP_NOT_AUTHORIZED_ERR;
252 245 ndmp_set_authorized(connection, FALSE);
253 246 ndmp_send_reply(connection, (void *) &reply,
254 247 "sending ndmp_connect_client_auth reply");
255 248 ndmpd_audit_connect(connection,
256 249 ADT_FAIL_PAM + PAM_AUTH_ERR);
257 250 return;
258 251 } else {
259 252 dec_passwd = ndmp_base64_decode(passwd);
260 253 }
261 254 if (!dec_passwd || !*dec_passwd ||
262 255 strcmp(auth->password, dec_passwd) != 0) {
263 - NDMP_LOG(LOG_ERR,
256 + syslog(LOG_ERR,
264 257 "Authorization denied. Invalid password.");
265 258 reply.error = NDMP_NOT_AUTHORIZED_ERR;
266 - } else {
267 - NDMP_LOG(LOG_DEBUG, "Authorization granted.");
268 259 }
269 260 ndmpd_audit_connect(connection, reply.error ?
270 261 ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
271 262
272 263 free(dec_passwd);
273 264 break;
274 265
275 266 case NDMP_AUTH_MD5:
276 267 /* Check authorization. */
277 268 if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
278 269 *uname == 0) {
279 - NDMP_LOG(LOG_ERR, "Authorization denied.");
280 - NDMP_LOG(LOG_ERR, "User name is not set at server.");
270 + syslog(LOG_ERR, "Authorization denied.");
271 + syslog(LOG_ERR, "User name is not set at server.");
281 272 reply.error = NDMP_NOT_AUTHORIZED_ERR;
282 273 ndmp_set_authorized(connection, FALSE);
283 274 ndmp_send_reply(connection, (void *) &reply,
284 275 "sending ndmp_connect_client_auth reply");
285 276 ndmpd_audit_connect(connection,
286 277 ADT_FAIL_PAM + PAM_AUTH_ERR);
287 278 return;
288 279 }
289 280 md5 = &request->auth_data.ndmp_auth_data_u.auth_md5;
290 281 passwd = ndmpd_get_prop(NDMP_CRAM_MD5_PASSWORD);
291 282 if (!passwd || !*passwd) {
292 - NDMP_LOG(LOG_ERR, "Authorization denied.");
293 - NDMP_LOG(LOG_ERR, "MD5 password is not set at server.");
283 + syslog(LOG_ERR, "Authorization denied.");
284 + syslog(LOG_ERR, "MD5 password is not set at server.");
294 285 reply.error = NDMP_NOT_AUTHORIZED_ERR;
295 286 ndmp_set_authorized(connection, FALSE);
296 287 ndmp_send_reply(connection, (void *) &reply,
297 288 "sending ndmp_connect_client_auth reply");
298 289 ndmpd_audit_connect(connection,
299 290 ADT_FAIL_PAM + PAM_AUTH_ERR);
300 291 return;
301 292 } else {
302 293 dec_passwd = ndmp_base64_decode(passwd);
303 294 }
304 295 session = ndmp_get_client_data(connection);
305 296 create_md5_digest(md5_digest, dec_passwd,
306 297 session->ns_challenge);
307 298
308 299 if (strcmp(uname, md5->user) != 0) {
309 - NDMP_LOG(LOG_ERR,
300 + syslog(LOG_ERR,
310 301 "Authorization denied. Not a valid user.");
311 302 reply.error = NDMP_NOT_AUTHORIZED_ERR;
312 303 } else if (memcmp(md5_digest, md5->auth_digest,
313 304 sizeof (md5_digest)) != 0) {
314 - NDMP_LOG(LOG_ERR,
305 + syslog(LOG_ERR,
315 306 "Authorization denied. Invalid password.");
316 307 reply.error = NDMP_NOT_AUTHORIZED_ERR;
317 - } else {
318 - NDMP_LOG(LOG_DEBUG, "Authorization granted");
319 308 }
320 309 ndmpd_audit_connect(connection, reply.error ?
321 310 ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
322 311
323 312 free(dec_passwd);
324 313 break;
325 314
326 315 default:
327 316 reply.error = NDMP_ILLEGAL_ARGS_ERR;
328 317 }
329 318
330 319 if (reply.error == NDMP_NO_ERR)
331 320 ndmp_set_authorized(connection, TRUE);
332 321 else
333 322 ndmp_set_authorized(connection, FALSE);
334 323
335 324 ndmp_send_reply(connection, (void *) &reply,
336 325 "sending ndmp_connect_client_auth reply");
337 326 }
338 327
339 328
340 329 /*
341 330 * ndmpd_connect_server_auth_v2
342 331 *
343 332 * This handler authenticates the server to the client.
344 333 *
345 334 * Parameters:
346 335 * connection (input) - connection handle.
347 336 * msginfo (input) - request message.
348 337 *
349 338 * Returns:
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
350 339 * void
351 340 */
352 341 void
353 342 ndmpd_connect_server_auth_v2(ndmp_connection_t *connection, void *body)
354 343 {
355 344 ndmp_connect_server_auth_request *request;
356 345 ndmp_connect_server_auth_reply reply;
357 346
358 347 request = (ndmp_connect_server_auth_request *)body;
359 348
360 - NDMP_LOG(LOG_DEBUG, "auth_type:%s",
361 - request->client_attr.auth_type == NDMP_AUTH_NONE ? "None" :
362 - (request->client_attr.auth_type == NDMP_AUTH_TEXT ? "Text" :
363 - (request->client_attr.auth_type == NDMP_AUTH_MD5 ? "MD5" :
364 - "Invalid")));
365 -
366 349 reply.error = NDMP_NO_ERR;
367 350 reply.auth_result.auth_type = request->client_attr.auth_type;
368 351 switch (request->client_attr.auth_type) {
369 352 case NDMP_AUTH_NONE:
370 353 break;
371 354
372 355 case NDMP_AUTH_TEXT:
373 356 reply.auth_result.ndmp_auth_data_u.auth_text.user = "ndmpd";
374 357 reply.auth_result.ndmp_auth_data_u.auth_text.password =
375 358 "ndmpsdk";
376 359 break;
377 360
378 361 case NDMP_AUTH_MD5:
379 362 reply.error = NDMP_ILLEGAL_ARGS_ERR;
380 363 break;
381 364
382 365 default:
383 366 reply.error = NDMP_ILLEGAL_ARGS_ERR;
384 367 }
385 368
386 369 ndmp_send_reply(connection, (void *) &reply,
387 370 "sending ndmp_connect_auth reply");
388 371 }
389 372
390 373
391 374 /*
392 375 * ndmpd_connect_close_v2
393 376 *
394 377 * This handler closes the connection.
395 378 *
396 379 * Parameters:
397 380 * connection (input) - connection handle.
398 381 * msginfo (input) - request message.
399 382 *
400 383 * Returns:
401 384 * void
402 385 */
403 386 /*ARGSUSED*/
404 387 void
405 388 ndmpd_connect_close_v2(ndmp_connection_t *connection, void *body)
406 389 {
407 390 ndmpd_session_t *session;
408 391
409 392 if ((session = (ndmpd_session_t *)ndmp_get_client_data(connection))) {
410 393 (void) ndmp_close(connection);
411 394 session->ns_eof = TRUE;
412 395 }
413 396 }
414 397
415 398 /*
416 399 * ************************************************************************
417 400 * NDMP V3 HANDLERS
418 401 * ************************************************************************
419 402 */
420 403
421 404 /*
422 405 * ndmpd_connect_client_auth_v3
423 406 *
424 407 * This handler authorizes the NDMP connection.
425 408 *
426 409 * Parameters:
427 410 * connection (input) - connection handle.
428 411 * msginfo (input) - request message.
429 412 *
430 413 * Returns:
431 414 * void
432 415 */
433 416 void
434 417 ndmpd_connect_client_auth_v3(ndmp_connection_t *connection, void *body)
435 418 {
|
↓ open down ↓ |
60 lines elided |
↑ open up ↑ |
436 419 ndmp_connect_client_auth_request_v3 *request;
437 420 ndmp_connect_client_auth_reply_v3 reply;
438 421 ndmp_auth_text_v3 *auth;
439 422 ndmpd_session_t *session;
440 423 ndmp_auth_md5_v3 *md5;
441 424 struct in_addr addr;
442 425 char *uname;
443 426 char *type;
444 427
445 428 request = (ndmp_connect_client_auth_request_v3 *)body;
446 - NDMP_LOG(LOG_DEBUG, "auth_type %s",
447 - request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
448 - request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
449 - request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" : "Invalid");
450 429
451 430 reply.error = NDMP_NO_ERR;
452 431
453 432 switch (request->auth_data.auth_type) {
454 433 case NDMP_AUTH_NONE:
455 434 type = "none";
456 435 reply.error = NDMP_NOT_SUPPORTED_ERR;
457 436 ndmpd_audit_connect(connection, ENOTSUP);
458 437 break;
459 438
460 439 case NDMP_AUTH_TEXT:
461 440 /* Check authorization. */
462 441 if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
463 442 *uname == 0) {
464 - NDMP_LOG(LOG_ERR, "Authorization denied.");
465 - NDMP_LOG(LOG_ERR, "User name is not set at server.");
443 + syslog(LOG_ERR, "Authorization denied.");
444 + syslog(LOG_ERR, "User name is not set at server.");
466 445 reply.error = NDMP_NOT_AUTHORIZED_ERR;
467 446 ndmp_set_authorized(connection, FALSE);
468 447 ndmp_send_reply(connection, (void *) &reply,
469 448 "sending ndmp_connect_client_auth reply");
470 449 ndmpd_audit_connect(connection,
471 450 ADT_FAIL_PAM + PAM_AUTH_ERR);
472 451 return;
473 452 }
474 453 type = "text";
475 454 auth = &request->auth_data.ndmp_auth_data_v3_u.auth_text;
476 455 reply.error = ndmpd_connect_auth_text(uname, auth->auth_id,
477 456 auth->auth_password);
478 457 ndmpd_audit_connect(connection, reply.error ?
479 458 ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
480 459 break;
481 460
482 461 case NDMP_AUTH_MD5:
483 462 /* Check authorization. */
484 463 if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
485 464 *uname == 0) {
486 - NDMP_LOG(LOG_ERR, "Authorization denied.");
487 - NDMP_LOG(LOG_ERR, "User name is not set at server.");
465 + syslog(LOG_ERR, "Authorization denied.");
466 + syslog(LOG_ERR, "User name is not set at server.");
488 467 reply.error = NDMP_NOT_AUTHORIZED_ERR;
489 468 ndmp_set_authorized(connection, FALSE);
490 469 ndmp_send_reply(connection, (void *) &reply,
491 470 "sending ndmp_connect_client_auth reply");
492 471 ndmpd_audit_connect(connection,
493 472 ADT_FAIL_PAM + PAM_AUTH_ERR);
494 473 return;
495 474 }
496 475 type = "md5";
497 476 session = ndmp_get_client_data(connection);
498 477 md5 = &request->auth_data.ndmp_auth_data_v3_u.auth_md5;
499 478 reply.error = ndmpd_connect_auth_md5(uname, md5->auth_id,
500 479 md5->auth_digest, session->ns_challenge);
501 480 ndmpd_audit_connect(connection, reply.error ?
502 481 ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
503 482 break;
504 483
505 484 default:
506 485 type = "unknown";
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
507 486 reply.error = NDMP_ILLEGAL_ARGS_ERR;
508 487 ndmpd_audit_connect(connection, EINVAL);
509 488 }
510 489
511 490 if (reply.error == NDMP_NO_ERR) {
512 491 ndmp_set_authorized(connection, TRUE);
513 492 } else {
514 493 ndmp_set_authorized(connection, FALSE);
515 494 if (tcp_get_peer(connection->conn_sock, &addr.s_addr,
516 495 NULL) != -1) {
517 - NDMP_LOG(LOG_ERR,
496 + syslog(LOG_ERR,
518 497 "Authorization(%s) denied for %s.", type,
519 498 inet_ntoa(IN_ADDR(addr)));
520 499 }
521 500 }
522 501
523 502 ndmp_send_reply(connection, (void *) &reply,
524 503 "sending ndmp_connect_auth reply");
525 504 }
526 505
527 506
528 507 /*
529 508 * ndmpd_connect_close_v3
530 509 *
531 510 * Close the connection to the DMA.
532 511 * Send the SHUTDOWN message before closing the socket connection to the DMA.
533 512 *
534 513 * Parameters:
535 514 * connection (input) - connection handle.
536 515 * msginfo (input) - request message.
537 516 *
538 517 * Returns:
539 518 * void
540 519 */
541 520 /*ARGSUSED*/
542 521 void
543 522 ndmpd_connect_close_v3(ndmp_connection_t *connection, void *body)
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
544 523 {
545 524 ndmpd_session_t *session;
546 525 ndmp_lbr_params_t *nlp;
547 526 ndmp_notify_connected_request req;
548 527
549 528 if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
550 529 return;
551 530 if ((nlp = ndmp_get_nlp(session)) == NULL)
552 531 return;
553 532
554 - NDMP_LOG(LOG_DEBUG, "ver: %u",
555 - session->ns_protocol_version);
556 -
557 533 /* Send the SHUTDOWN message before closing the connection. */
558 534 req.reason = NDMP_SHUTDOWN;
559 535 req.protocol_version = session->ns_protocol_version;
560 536 req.text_reason = "Connection closed by server.";
561 537
562 538 if (ndmp_send_request(connection, NDMP_NOTIFY_CONNECTION_STATUS,
563 539 NDMP_NO_ERR, (void *) &req, 0) < 0) {
564 - NDMP_LOG(LOG_NOTICE, "Sending connection shutdown notify");
540 + syslog(LOG_NOTICE, "Sending connection shutdown notify");
565 541 return;
566 542 }
567 543
568 544 (void) mutex_lock(&nlp->nlp_mtx);
569 545 ndmp_close(connection);
570 546 session->ns_eof = TRUE;
571 547 (void) cond_broadcast(&nlp->nlp_cv);
572 548 (void) mutex_unlock(&nlp->nlp_mtx);
573 549 }
574 550
575 551 /*
576 552 * ************************************************************************
577 553 * NDMP V4 HANDLERS
578 554 * ************************************************************************
579 555 */
580 556
581 557 /*
582 558 * ************************************************************************
583 559 * LOCALS
584 560 * ************************************************************************
585 561 */
586 562
587 563 /*
588 564 * create_md5_digest
589 565 *
590 566 * This function uses the MD5 message-digest algorithm described
591 567 * in RFC1321 to authenticate the client using a shared secret (password).
592 568 * The message used to compute the MD5 digest is a concatenation of password,
593 569 * null padding, the 64 byte fixed length challenge and a repeat of the
594 570 * password. The length of the null padding is chosen to result in a 128 byte
595 571 * fixed length message. The lengh of the padding can be computed as
596 572 * 64 - 2*(length of the password). The client digest is computed using the
597 573 * server challenge from the NDMP_CONFIG_GET_AUTH_ATTR reply.
598 574 *
599 575 * Parameters:
600 576 * digest (output) - 16 bytes MD5 digest
601 577 * passwd (input) - user password
602 578 * challenge (input) - 64 bytes server challenge
603 579 *
604 580 * Returns:
605 581 * void
606 582 */
607 583 static void
608 584 create_md5_digest(unsigned char *digest, char *passwd, unsigned char *challenge)
609 585 {
610 586 char buf[130];
611 587 char *p = &buf[0];
612 588 int len, i;
613 589 MD5_CTX md;
614 590 char *pwd;
615 591
616 592 *p = 0;
617 593 pwd = passwd;
618 594 if ((len = strlen(pwd)) > MD5_PASS_LIMIT)
619 595 len = MD5_PASS_LIMIT;
620 596 (void) memcpy(p, pwd, len);
621 597 p += len;
622 598
623 599 for (i = 0; i < MD5_CHALLENGE_SIZE - 2 * len; i++)
624 600 *p++ = 0;
625 601
626 602 (void) memcpy(p, challenge, MD5_CHALLENGE_SIZE);
627 603 p += MD5_CHALLENGE_SIZE;
628 604 (void) strlcpy(p, pwd, MD5_PASS_LIMIT);
629 605
630 606 MD5Init(&md);
631 607 MD5Update(&md, buf, 128);
632 608 MD5Final(digest, &md);
633 609 }
634 610
635 611 /*
636 612 * ndmp_connect_list_find
637 613 *
638 614 * Find the element in the active connection list.
639 615 *
640 616 * Parameters:
641 617 * connection (input) - connection handler.
|
↓ open down ↓ |
67 lines elided |
↑ open up ↑ |
642 618 *
643 619 * Returns:
644 620 * NULL - error
645 621 * connection list element pointer
646 622 */
647 623 static struct conn_list *
648 624 ndmp_connect_list_find(ndmp_connection_t *connection)
649 625 {
650 626 struct conn_list *clp;
651 627
652 - NDMP_LOG(LOG_DEBUG, "connection: 0x%p",
653 - connection);
654 -
655 628 LIST_FOREACH(clp, &cl_head, cl_q) {
656 629 if (clp->cl_conn == connection) {
657 630 (void) mutex_unlock(&cl_mutex);
658 631 return (clp);
659 632 }
660 633 }
661 634 return (NULL);
662 635 }
663 636
664 637 /*
665 638 * ndmpconnect_list_add
666 639 *
667 640 * Add the new connection to the list of the active connections.
668 641 *
669 642 * Parameters:
670 643 * connection (input) - connection handler.
671 644 * id (input/output) - pointer to connection id.
672 645 *
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
673 646 * Returns:
674 647 * 0 - success
675 648 * -1 - error
676 649 */
677 650 int
678 651 ndmp_connect_list_add(ndmp_connection_t *connection, int *id)
679 652 {
680 653 struct conn_list *clp;
681 654
682 655 if (connection == NULL) {
683 - NDMP_LOG(LOG_DEBUG, "Invalid argument");
656 + syslog(LOG_ERR, "ndmp_connect_list_add: Invalid argument");
684 657 return (-1);
685 658 }
686 659
687 660 if ((clp = ndmp_malloc(sizeof (struct conn_list))) == NULL)
688 661 return (-1);
689 662
690 663 clp->cl_conn = connection;
691 664 clp->cl_id = *id;
692 665
693 666 (void) mutex_lock(&cl_mutex);
694 667 LIST_INSERT_HEAD(&cl_head, clp, cl_q);
695 668 (*id)++;
696 669 (void) mutex_unlock(&cl_mutex);
697 670
698 671 return (0);
699 672 }
700 673
701 674 /*
702 675 * ndmp_connect_list_del
703 676 *
704 677 * Delete the specified connection from the list.
705 678 *
706 679 * Parameters:
707 680 * connection (input) - connection handler.
708 681 *
709 682 * Returns:
710 683 * 0 - success
|
↓ open down ↓ |
17 lines elided |
↑ open up ↑ |
711 684 * -1 - error
712 685 */
713 686 int
714 687 ndmp_connect_list_del(ndmp_connection_t *connection)
715 688 {
716 689 struct conn_list *clp;
717 690
718 691 (void) mutex_lock(&cl_mutex);
719 692 if (!(clp = ndmp_connect_list_find(connection))) {
720 693 (void) mutex_unlock(&cl_mutex);
721 - NDMP_LOG(LOG_DEBUG, "connection not found");
694 + syslog(LOG_ERR, "ndmp_connect_list_del: connection not found");
722 695 return (-1);
723 696 }
724 697
725 698 LIST_REMOVE(clp, cl_q);
726 699 (void) mutex_unlock(&cl_mutex);
727 700 free(clp);
728 701
729 702 return (0);
730 703 }
731 704
732 705
733 706 /*
734 707 * ndmpconnect_list_find_id
735 708 *
736 709 * Find the element specified by its id in the list of active connections.
737 710 *
738 711 * Parameters:
739 712 * id (input) - connection id.
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
740 713 *
741 714 * Returns:
742 715 * NULL - error
743 716 * connection list element pointer
744 717 */
745 718 static struct conn_list *
746 719 ndmp_connect_list_find_id(int id)
747 720 {
748 721 struct conn_list *clp;
749 722
750 - NDMP_LOG(LOG_DEBUG, "id: %d", id);
751 -
752 723 (void) mutex_lock(&cl_mutex);
753 724 LIST_FOREACH(clp, &cl_head, cl_q) {
754 725 if (clp->cl_id == id) {
755 726 (void) mutex_unlock(&cl_mutex);
756 727 return (clp);
757 728 }
758 729 }
759 730
760 731 (void) mutex_unlock(&cl_mutex);
761 732 return (NULL);
762 733 }
763 734
764 735 /*
765 736 * Get common fields of the active connection.
766 737 */
767 738 static void
768 739 ndmp_connect_get_conn(struct conn_list *clp, ndmp_door_ctx_t *enc_ctx)
769 740 {
770 741 int port;
771 742 struct in_addr addr;
772 743 char cl_addr[NDMP_CL_ADDR_LEN];
773 744 ndmpd_session_t *session;
774 745
775 746 if (!(session = (ndmpd_session_t *)ndmp_get_client_data(clp->cl_conn)))
776 747 return;
777 748
778 749 ndmp_door_put_int32(enc_ctx, clp->cl_id);
779 750 ndmp_door_put_int32(enc_ctx, session->ns_protocol_version);
780 751 ndmp_door_put_int32(enc_ctx, clp->cl_conn->conn_authorized);
781 752 ndmp_door_put_int32(enc_ctx, session->ns_eof);
782 753 if (tcp_get_peer(clp->cl_conn->conn_sock, &(addr.s_addr), &port) != -1)
783 754 (void) snprintf(cl_addr, NDMP_CL_ADDR_LEN, "%s:%d",
784 755 (char *)inet_ntoa(addr), port);
785 756 else
786 757 cl_addr[0] = '\0';
787 758 ndmp_door_put_string(enc_ctx, cl_addr);
788 759 }
789 760
790 761 /*
791 762 * Get the connection SCSI info.
792 763 */
793 764 static void
794 765 ndmp_connect_get_scsi_v2(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
795 766 {
796 767 ndmp_door_put_int32(enc_ctx, session->ns_scsi.sd_is_open);
797 768 ndmp_door_put_string(enc_ctx, session->ns_scsi.sd_adapter_name);
798 769 ndmp_door_put_int32(enc_ctx, session->ns_scsi.sd_valid_target_set);
799 770 if (session->ns_scsi.sd_valid_target_set) {
800 771 ndmp_door_put_int32(enc_ctx, session->ns_scsi.sd_sid);
801 772 ndmp_door_put_int32(enc_ctx, session->ns_scsi.sd_lun);
802 773 }
803 774 }
804 775
805 776 /*
806 777 * Get the connection tape info.
807 778 */
808 779 static void
809 780 ndmp_connect_get_tape_v2(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
810 781 {
811 782 char dev_name[NDMP_TAPE_DEV_NAME];
812 783
813 784 ndmp_door_put_int32(enc_ctx, session->ns_tape.td_fd);
814 785 if (session->ns_tape.td_fd != -1) {
815 786 ndmp_door_put_uint64(enc_ctx, session->ns_tape.td_record_count);
816 787 ndmp_door_put_int32(enc_ctx, session->ns_tape.td_mode);
817 788 (void) snprintf(dev_name, NDMP_TAPE_DEV_NAME, "%st%02x%x",
818 789 session->ns_tape.td_adapter_name, session->ns_tape.td_sid,
819 790 session->ns_tape.td_lun);
820 791 ndmp_door_put_string(enc_ctx, dev_name);
821 792 ndmp_door_put_string(enc_ctx, session->ns_tape.td_adapter_name);
822 793 ndmp_door_put_int32(enc_ctx, session->ns_tape.td_sid);
823 794 ndmp_door_put_int32(enc_ctx, session->ns_tape.td_lun);
824 795 }
825 796 }
826 797
827 798 /*
828 799 * Get the connection mover info.
829 800 */
830 801 static void
831 802 ndmp_connect_get_mover_v2(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
832 803 {
833 804 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_state);
834 805 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_mode);
835 806 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_pause_reason);
836 807 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_halt_reason);
837 808 ndmp_door_put_uint64(enc_ctx, session->ns_mover.md_record_size);
838 809 ndmp_door_put_uint64(enc_ctx, session->ns_mover.md_record_num);
839 810 ndmp_door_put_uint64(enc_ctx, session->ns_mover.md_position);
840 811 ndmp_door_put_uint64(enc_ctx, session->ns_mover.md_window_offset);
841 812 ndmp_door_put_uint64(enc_ctx, session->ns_mover.md_window_length);
842 813 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_sock);
843 814 }
844 815
845 816 /*
846 817 * Get the connection common data info.
847 818 */
848 819 static void
849 820 ndmp_connect_get_data_common(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
850 821 {
851 822 int i;
852 823 ndmp_pval *ep;
853 824 int len;
854 825
855 826 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_operation);
856 827 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_state);
857 828 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_halt_reason);
858 829 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_sock);
859 830 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_mover.addr_type);
860 831 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_abort);
861 832 ndmp_door_put_uint64(enc_ctx, session->ns_data.dd_read_offset);
862 833 ndmp_door_put_uint64(enc_ctx, session->ns_data.dd_read_length);
863 834 ndmp_door_put_uint64(enc_ctx, session->ns_data.dd_data_size);
864 835 /* verify data.env has as much data as in session->ns_data.dd_env_len */
865 836 len = 0;
866 837 ep = session->ns_data.dd_env;
867 838 for (i = 0; ep && i < session->ns_data.dd_env_len; i++, ep++)
868 839 len++;
869 840
870 841 /* put the len */
871 842 (void) mutex_lock(&session->ns_lock);
872 843 ndmp_door_put_uint64(enc_ctx, len);
873 844 ep = session->ns_data.dd_env;
874 845 for (i = 0; i < len; i++, ep++) {
875 846 ndmp_door_put_string(enc_ctx, ep->name);
876 847 ndmp_door_put_string(enc_ctx, ep->value);
877 848 }
878 849 (void) mutex_unlock(&session->ns_lock);
879 850 }
880 851
881 852 /*
882 853 * Get the connection data info.
883 854 */
884 855 static void
885 856 ndmp_connect_get_data_v2(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
886 857 {
887 858 int i;
888 859 ndmp_name *np;
889 860 char tcp_addr[NDMP_TCP_ADDR_SIZE];
890 861
891 862 ndmp_connect_get_data_common(session, enc_ctx);
892 863
893 864 switch (session->ns_data.dd_mover.addr_type) {
894 865 case NDMP_ADDR_LOCAL:
895 866 (void) snprintf(tcp_addr, NDMP_TCP_ADDR_SIZE, "%s", "Local");
896 867 ndmp_door_put_string(enc_ctx, tcp_addr);
897 868 break;
898 869 case NDMP_ADDR_TCP:
899 870 (void) snprintf(tcp_addr, NDMP_TCP_ADDR_SIZE, "%s:%d",
900 871 (char *)inet_ntoa(IN_ADDR(
901 872 session->ns_data.dd_mover.ndmp_mover_addr_u.addr.ip_addr)),
902 873 session->ns_data.dd_mover.ndmp_mover_addr_u.addr.port);
903 874 ndmp_door_put_string(enc_ctx, tcp_addr);
904 875 break;
905 876 default:
906 877 (void) snprintf(tcp_addr, NDMP_TCP_ADDR_SIZE, "%s", "Unknown");
907 878 ndmp_door_put_string(enc_ctx, tcp_addr);
908 879 }
909 880
910 881 ndmp_door_put_uint64(enc_ctx, session->ns_data.dd_nlist_len);
911 882 np = session->ns_data.dd_nlist;
912 883 for (i = 0; np && i < (int)session->ns_data.dd_nlist_len; i++, np++) {
913 884 ndmp_door_put_string(enc_ctx, np->name);
914 885 ndmp_door_put_string(enc_ctx, np->dest);
915 886 }
916 887 }
917 888
918 889 /*
919 890 * Get V2 connection info.
920 891 */
921 892 static void
922 893 ndmp_connect_get_v2(ndmp_connection_t *connection, ndmp_door_ctx_t *enc_ctx)
923 894 {
924 895 ndmpd_session_t *session;
925 896
926 897 if ((session = (ndmpd_session_t *)ndmp_get_client_data(connection))) {
927 898 ndmp_connect_get_scsi_v2(session, enc_ctx);
928 899 ndmp_connect_get_tape_v2(session, enc_ctx);
929 900 ndmp_connect_get_mover_v2(session, enc_ctx);
930 901 ndmp_connect_get_data_v2(session, enc_ctx);
931 902 }
932 903 }
933 904
934 905 /*
935 906 * Get the V3 connection mover info.
936 907 */
937 908 static void
938 909 ndmp_connect_get_mover_v3(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
939 910 {
940 911 char tcp_addr[NDMP_TCP_ADDR_SIZE];
941 912
942 913 /* get all the V2 mover data first */
943 914 ndmp_connect_get_mover_v2(session, enc_ctx);
944 915
945 916 /* get the V3 mover data now */
946 917 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_listen_sock);
947 918 ndmp_door_put_int32(enc_ctx, session->ns_mover.md_data_addr.addr_type);
948 919 tcp_addr[0] = '\0';
949 920 (void) snprintf(tcp_addr, NDMP_TCP_ADDR_SIZE, "%s:%d",
950 921 (char *)
951 922 inet_ntoa(IN_ADDR(session->ns_mover.md_data_addr.tcp_ip_v3)),
952 923 (int)session->ns_mover.md_data_addr.tcp_port_v3);
953 924 ndmp_door_put_string(enc_ctx, tcp_addr);
954 925 }
955 926
956 927 /*
957 928 * Get the connection data info.
958 929 */
959 930 static void
960 931 ndmp_connect_get_data_v3(ndmpd_session_t *session, ndmp_door_ctx_t *enc_ctx)
961 932 {
962 933 ulong_t i;
963 934 mem_ndmp_name_v3_t *np;
964 935 char tcp_addr[NDMP_TCP_ADDR_SIZE];
965 936
966 937 ndmp_connect_get_data_common(session, enc_ctx);
967 938
968 939 (void) snprintf(tcp_addr, NDMP_TCP_ADDR_SIZE, "%s:%d",
969 940 (char *)inet_ntoa(IN_ADDR(session->ns_data.dd_data_addr.tcp_ip_v3)),
970 941 (int)session->ns_data.dd_data_addr.tcp_port_v3);
971 942 ndmp_door_put_string(enc_ctx, tcp_addr);
972 943 ndmp_door_put_int32(enc_ctx, session->ns_data.dd_listen_sock);
973 944 ndmp_door_put_uint64(enc_ctx,
974 945 session->ns_data.dd_module.dm_stats.ms_bytes_processed);
975 946 ndmp_door_put_uint64(enc_ctx, session->ns_data.dd_nlist_len);
976 947 np = session->ns_data.dd_nlist_v3;
977 948 for (i = 0; np && i < (int)session->ns_data.dd_nlist_len; i++, np++) {
978 949 ndmp_door_put_string(enc_ctx, np->nm3_opath);
979 950 ndmp_door_put_string(enc_ctx, np->nm3_dpath);
980 951 ndmp_door_put_uint64(enc_ctx, np->nm3_node);
981 952 ndmp_door_put_uint64(enc_ctx, np->nm3_fh_info);
982 953 }
983 954 }
984 955
985 956 /*
986 957 * Get V3 connection info.
987 958 */
988 959 static void
989 960 ndmp_connect_get_v3(ndmp_connection_t *connection, ndmp_door_ctx_t *enc_ctx)
990 961 {
991 962 ndmpd_session_t *session;
992 963
993 964 if ((session = (ndmpd_session_t *)ndmp_get_client_data(connection))) {
994 965 ndmp_connect_get_scsi_v2(session, enc_ctx);
995 966 ndmp_connect_get_tape_v2(session, enc_ctx);
996 967 ndmp_connect_get_mover_v3(session, enc_ctx);
997 968 ndmp_connect_get_data_v3(session, enc_ctx);
998 969 }
999 970 }
1000 971
1001 972 /*
1002 973 * Get the list of all active sessions to the clients. For each version,
1003 974 * call the appropriate get function.
1004 975 */
1005 976 static void
1006 977 connection_get(struct conn_list *clp, ndmp_door_ctx_t *enc_ctx)
1007 978 {
1008 979 ndmpd_session_t *session;
1009 980
1010 981 session = (ndmpd_session_t *)ndmp_get_client_data(clp->cl_conn);
1011 982 if (!session) {
1012 983 ndmp_door_put_int32(enc_ctx, NDMP_SESSION_NODATA);
1013 984 return;
1014 985 }
1015 986 ndmp_door_put_int32(enc_ctx, NDMP_SESSION_DATA);
1016 987
1017 988 switch (session->ns_protocol_version) {
|
↓ open down ↓ |
256 lines elided |
↑ open up ↑ |
1018 989 case NDMPV2:
1019 990 ndmp_connect_get_conn(clp, enc_ctx);
1020 991 ndmp_connect_get_v2(clp->cl_conn, enc_ctx);
1021 992 break;
1022 993 case NDMPV3:
1023 994 case NDMPV4:
1024 995 ndmp_connect_get_conn(clp, enc_ctx);
1025 996 ndmp_connect_get_v3(clp->cl_conn, enc_ctx);
1026 997 break;
1027 998 default:
1028 - NDMP_LOG(LOG_DEBUG,
999 + syslog(LOG_ERR,
1029 1000 "Invalid session (0x%p) version 0x%x", session,
1030 1001 session->ns_protocol_version);
1031 1002 }
1032 1003 }
1033 1004
1034 1005 /*
1035 1006 * ndmpd_connect_kill
1036 1007 *
1037 1008 * Kill the connection based on its version.
1038 1009 *
1039 1010 * Parameters:
1040 1011 * connection (input) - connection handler.
1041 1012 *
1042 1013 * Returns:
1043 1014 * 0 - success
1044 1015 * -1 - error
1045 1016 */
1046 1017 int
1047 1018 ndmpd_connect_kill(ndmp_connection_t *connection)
1048 1019 {
1049 1020 ndmpd_session_t *session;
1050 1021
1051 1022 if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
1052 1023 return (-1);
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
1053 1024
1054 1025 switch (session->ns_protocol_version) {
1055 1026 case NDMPV2:
1056 1027 ndmpd_connect_close_v2(connection, (void *)NULL);
1057 1028 break;
1058 1029 case NDMPV3:
1059 1030 case NDMPV4:
1060 1031 ndmpd_connect_close_v3(connection, (void *)NULL);
1061 1032 break;
1062 1033 default:
1063 - NDMP_LOG(LOG_DEBUG,
1034 + syslog(LOG_ERR,
1064 1035 "Invalid session (0x%p) version 0x%x", session,
1065 1036 session->ns_protocol_version);
1066 1037 }
1067 1038
1068 1039 return (0);
1069 1040 }
1070 1041
1071 1042 /*
1072 1043 * Get the list of all active sessions to the clients.
1073 1044 */
1074 1045 void
1075 1046 ndmp_connect_list_get(ndmp_door_ctx_t *enc_ctx)
1076 1047 {
1077 1048 int n;
1078 1049 struct conn_list *clp;
1079 1050
1080 1051 n = 0;
1081 1052 (void) mutex_lock(&cl_mutex);
1082 1053 LIST_FOREACH(clp, &cl_head, cl_q) {
1083 1054 n++;
1084 1055 }
1085 1056 /* write number of connections */
1086 1057 ndmp_door_put_int32(enc_ctx, n);
1087 1058 n = 0;
1088 1059 LIST_FOREACH(clp, &cl_head, cl_q) {
1089 1060 connection_get(clp, enc_ctx);
1090 1061 n++;
1091 1062 }
1092 1063 (void) mutex_unlock(&cl_mutex);
1093 1064 }
1094 1065
1095 1066 /*
1096 1067 * ndmpd_connect_kill_id
1097 1068 *
1098 1069 * Find a connection by its id and kill it.
1099 1070 *
1100 1071 * Parameters:
1101 1072 * id (input) - connection id.
1102 1073 *
1103 1074 * Returns:
1104 1075 * 0 - success
1105 1076 * -1 - error
1106 1077 */
1107 1078 int
1108 1079 ndmpd_connect_kill_id(int id)
1109 1080 {
1110 1081 struct conn_list *clp;
1111 1082
1112 1083 if (!(clp = ndmp_connect_list_find_id(id)))
1113 1084 return (-1);
1114 1085
1115 1086 return (ndmpd_connect_kill(clp->cl_conn));
1116 1087 }
1117 1088
|
↓ open down ↓ |
44 lines elided |
↑ open up ↑ |
1118 1089 /* Get the devices info */
1119 1090 void
1120 1091 ndmpd_get_devs(ndmp_door_ctx_t *enc_ctx)
1121 1092 {
1122 1093 int i, n;
1123 1094 sasd_drive_t *sd;
1124 1095 scsi_link_t *slink;
1125 1096
1126 1097 if ((n = sasd_dev_count()) == 0) {
1127 1098 ndmp_door_put_int32(enc_ctx, n);
1128 - NDMP_LOG(LOG_DEBUG, "No device attached.");
1099 + syslog(LOG_DEBUG, "No device attached.");
1129 1100 return;
1130 1101 }
1131 1102 ndmp_door_put_int32(enc_ctx, n);
1132 1103
1133 1104 for (i = 0; i < n; i++) {
1134 1105 sd = sasd_drive(i);
1135 1106 slink = sasd_dev_slink(i);
1136 1107
1137 1108 ndmp_door_put_int32(enc_ctx, slink->sl_type);
1138 1109 ndmp_door_put_string(enc_ctx, sd->sd_name);
1139 1110 ndmp_door_put_int32(enc_ctx, slink->sl_lun);
1140 1111 ndmp_door_put_int32(enc_ctx, slink->sl_sid);
1141 1112 ndmp_door_put_string(enc_ctx, sd->sd_vendor);
1142 1113 ndmp_door_put_string(enc_ctx, sd->sd_id);
1143 1114 ndmp_door_put_string(enc_ctx, sd->sd_rev);
1144 1115 ndmp_door_put_string(enc_ctx, sd->sd_serial);
1145 1116 ndmp_door_put_string(enc_ctx, sd->sd_wwn);
1146 1117 }
1147 1118 }
1148 1119
1149 1120 /*
1150 1121 * ndmpd_connect_auth_text
1151 1122 *
1152 1123 * Checks text authorization.
1153 1124 *
1154 1125 * Parameters:
1155 1126 * auth_id (input) - user name
1156 1127 * auth_password(input) - password
1157 1128 *
1158 1129 * Returns:
1159 1130 * NDMP_NO_ERR: on success
1160 1131 * Other NDMP_ error: invalid user name and password
1161 1132 */
1162 1133 int
1163 1134 ndmpd_connect_auth_text(char *uname, char *auth_id, char *auth_password)
1164 1135 {
1165 1136 char *passwd, *dec_passwd;
1166 1137 int rv;
1167 1138
1168 1139 if (strcmp(uname, auth_id) != 0) {
1169 1140 rv = NDMP_NOT_AUTHORIZED_ERR;
1170 1141 } else {
1171 1142 passwd = ndmpd_get_prop(NDMP_CLEARTEXT_PASSWORD);
1172 1143 if (!passwd || !*passwd) {
1173 1144 rv = NDMP_NOT_AUTHORIZED_ERR;
1174 1145 } else {
1175 1146 dec_passwd = ndmp_base64_decode(passwd);
1176 1147 if (dec_passwd == NULL || *dec_passwd == 0)
|
↓ open down ↓ |
38 lines elided |
↑ open up ↑ |
1177 1148 rv = NDMP_NOT_AUTHORIZED_ERR;
1178 1149 else if (strcmp(auth_password, dec_passwd) != 0)
1179 1150 rv = NDMP_NOT_AUTHORIZED_ERR;
1180 1151 else
1181 1152 rv = NDMP_NO_ERR;
1182 1153
1183 1154 free(dec_passwd);
1184 1155 }
1185 1156 }
1186 1157
1187 - if (rv == NDMP_NO_ERR) {
1188 - NDMP_LOG(LOG_DEBUG, "Authorization granted.");
1189 - } else {
1190 - NDMP_LOG(LOG_ERR, "Authorization denied.");
1158 + if (rv != NDMP_NO_ERR) {
1159 + syslog(LOG_ERR, "Authorization denied.");
1191 1160 }
1192 1161
1193 1162 return (rv);
1194 1163 }
1195 1164
1196 1165
1197 1166 /*
1198 1167 * ndmpd_connect_auth_md5
1199 1168 *
1200 1169 * Checks MD5 authorization.
1201 1170 *
1202 1171 * Parameters:
1203 1172 * auth_id (input) - user name
1204 1173 * auth_digest(input) - MD5 digest
1205 1174 * This is a 16 bytes digest info which is a MD5 transform of 128 bytes
1206 1175 * message (password + padding + server challenge + password). Server
1207 1176 * challenge is a 64 bytes random string per NDMP session sent out to the
1208 1177 * client on demand (See NDMP_CONFIG_GET_AUTH_ATTR command).
1209 1178 *
1210 1179 * Returns:
1211 1180 * NDMP_NO_ERR: on success
1212 1181 * Other NDMP_ error: invalid user name and password
1213 1182 */
1214 1183 int
1215 1184 ndmpd_connect_auth_md5(char *uname, char *auth_id, char *auth_digest,
1216 1185 unsigned char *auth_challenge)
1217 1186 {
1218 1187 char *passwd, *dec_passwd;
1219 1188 unsigned char digest[16];
1220 1189 int rv;
1221 1190
1222 1191 if (strcmp(uname, auth_id) != 0) {
1223 1192 rv = NDMP_NOT_AUTHORIZED_ERR;
1224 1193 } else {
1225 1194 passwd = ndmpd_get_prop(NDMP_CRAM_MD5_PASSWORD);
1226 1195 if (passwd == NULL || *passwd == 0) {
1227 1196 rv = NDMP_NOT_AUTHORIZED_ERR;
1228 1197 } else {
1229 1198 dec_passwd = ndmp_base64_decode(passwd);
1230 1199
1231 1200 if (dec_passwd == NULL || *dec_passwd == 0) {
1232 1201 rv = NDMP_NOT_AUTHORIZED_ERR;
1233 1202 } else {
1234 1203 create_md5_digest(digest, dec_passwd,
1235 1204 auth_challenge);
1236 1205 if (memcmp(digest, auth_digest,
|
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
1237 1206 sizeof (digest)) != 0) {
1238 1207 rv = NDMP_NOT_AUTHORIZED_ERR;
1239 1208 } else {
1240 1209 rv = NDMP_NO_ERR;
1241 1210 }
1242 1211 }
1243 1212 free(dec_passwd);
1244 1213 }
1245 1214 }
1246 1215
1247 - if (rv == NDMP_NO_ERR) {
1248 - NDMP_LOG(LOG_DEBUG, "Authorization granted.");
1249 - } else {
1250 - NDMP_LOG(LOG_ERR, "Authorization denied.");
1251 - }
1252 -
1253 1216 return (rv);
1254 1217 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX