/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2017 Joyent Inc */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ /* * Portions of this source code were derived from Berkeley * 4.3 BSD under license from the Regents of the University of * California. */ /* * svcauth_des.c, server-side des authentication * * We insure for the service the following: * (1) The timestamp microseconds do not exceed 1 million. * (2) The timestamp plus the window is less than the current time. * (3) The timestamp is not less than the one previously * seen in the current session. * * It is up to the server to determine if the window size is * too small. * */ #include "mt.h" #include "rpc_mt.h" #include #include #include #include #include #include #include #include #include #include #include extern int key_decryptsession_pk(const char *, netobj *, des_block *); #define USEC_PER_SEC ((ulong_t)1000000L) #define BEFORE(t1, t2) timercmp(t1, t2, < /* EMPTY */) /* * LRU cache of conversation keys and some other useful items. */ #define DEF_AUTHDES_CACHESZ 128 int authdes_cachesz = DEF_AUTHDES_CACHESZ; struct cache_entry { des_block key; /* conversation key */ char *rname; /* client's name */ uint_t window; /* credential lifetime window */ struct timeval laststamp; /* detect replays of creds */ char *localcred; /* generic local credential */ int index; /* where are we in array? */ struct cache_entry *prev; /* prev entry on LRU list */ struct cache_entry *next; /* next entry on LRU list */ }; static const char __getucredstr[] = "authdes_getucred:"; static struct cache_entry *_rpc_authdes_cache; /* [authdes_cachesz] */ static struct cache_entry *cache_head; /* cache (in LRU order) */ static struct cache_entry *cache_tail; /* cache (in LRU order) */ /* * A rwlock_t would seem to make more sense, but it turns out we always * muck with the cache entries, so would always need a write lock (in * which case, we might as well use a mutex). */ extern mutex_t authdes_lock; static int cache_init(void); /* initialize the cache */ /* find an entry in the cache */ static int cache_spot(des_block *, char *, struct timeval *); static void cache_ref(uint32_t); /* note that sid was ref'd */ static void invalidate(char *); /* invalidate entry in cache */ static void __msgout(int, const char *, const char *); static void __msgout2(const char *, const char *); /* * cache statistics */ struct { ulong_t ncachehits; /* times cache hit, and is not replay */ ulong_t ncachereplays; /* times cache hit, and is replay */ ulong_t ncachemisses; /* times cache missed */ } svcauthdes_stats; /* * NOTE: this has to fit inside RQCRED_SIZE bytes. If you update this struct, * double-check it still fits. */ struct authdes_area { struct authdes_cred area_cred; char area_netname[MAXNETNAMELEN+1]; }; CTASSERT(sizeof (struct authdes_area) <= RQCRED_SIZE); /* * Service side authenticator for AUTH_DES */ enum auth_stat __svcauth_des(struct svc_req *rqst, struct rpc_msg *msg) { int32_t *ixdr; des_block cryptbuf[2]; struct authdes_cred *cred; struct authdes_verf verf; int status; struct cache_entry *entry; uint32_t sid; int cache_spot_id; des_block *sessionkey, init_sessionkey; des_block ivec; uint_t window; struct authdes_area *area; struct timeval timestamp; uint32_t namelen; int fullname_rcvd = 0; int from_cache = 0; (void) mutex_lock(&authdes_lock); if (_rpc_authdes_cache == NULL) { int ret = cache_init(); if (ret == -1) { (void) mutex_unlock(&authdes_lock); return (AUTH_FAILED); } } (void) mutex_unlock(&authdes_lock); /* LINTED pointer cast */ area = (struct authdes_area *)rqst->rq_clntcred; cred = (struct authdes_cred *)&area->area_cred; if ((uint_t)msg->rm_call.cb_cred.oa_length == 0) return (AUTH_BADCRED); /* * Get the credential */ /* LINTED pointer cast */ ixdr = (int32_t *)msg->rm_call.cb_cred.oa_base; cred->adc_namekind = IXDR_GET_ENUM(ixdr, enum authdes_namekind); switch (cred->adc_namekind) { case ADN_FULLNAME: namelen = IXDR_GET_U_INT32(ixdr); if (namelen > MAXNETNAMELEN) return (AUTH_BADCRED); cred->adc_fullname.name = area->area_netname; (void) memcpy(cred->adc_fullname.name, ixdr, (uint_t)namelen); cred->adc_fullname.name[namelen] = 0; ixdr += (RNDUP(namelen) / BYTES_PER_XDR_UNIT); cred->adc_fullname.key.key.high = (uint32_t)*ixdr++; cred->adc_fullname.key.key.low = (uint32_t)*ixdr++; cred->adc_fullname.window = (uint32_t)*ixdr++; fullname_rcvd++; break; case ADN_NICKNAME: cred->adc_nickname = (uint32_t)*ixdr++; break; default: return (AUTH_BADCRED); } if ((uint_t)msg->rm_call.cb_verf.oa_length == 0) return (AUTH_BADVERF); /* * Get the verifier */ /* LINTED pointer cast */ ixdr = (int32_t *)msg->rm_call.cb_verf.oa_base; verf.adv_xtimestamp.key.high = (uint32_t)*ixdr++; verf.adv_xtimestamp.key.low = (uint32_t)*ixdr++; verf.adv_int_u = (uint32_t)*ixdr++; (void) mutex_lock(&authdes_lock); /* * Get the conversation key */ if (fullname_rcvd) { /* ADN_FULLNAME */ netobj pkey; char pkey_data[1024]; again: init_sessionkey = cred->adc_fullname.key; sessionkey = &init_sessionkey; if (!__getpublickey_cached(cred->adc_fullname.name, pkey_data, &from_cache)) { /* * if the user has no public key, treat him as the * unauthenticated identity - nobody. If this * works, it means the client didn't find the * user's keys and used nobody's secret key * as a backup. */ if (!__getpublickey_cached("nobody", pkey_data, &from_cache)) { __msgout(LOG_INFO, "_svcauth_des: no public key for nobody or ", cred->adc_fullname.name); (void) mutex_unlock(&authdes_lock); return (AUTH_BADCRED); /* no key */ } /* * found a public key for nobody. change * the fullname id to nobody, so the caller * thinks the client specified nobody * as the user identity. */ (void) strcpy(cred->adc_fullname.name, "nobody"); } pkey.n_bytes = pkey_data; pkey.n_len = strlen(pkey_data) + 1; if (key_decryptsession_pk(cred->adc_fullname.name, &pkey, sessionkey) < 0) { if (from_cache) { __getpublickey_flush(cred->adc_fullname.name); goto again; } __msgout(LOG_INFO, "_svcauth_des: key_decryptsessionkey failed for", cred->adc_fullname.name); (void) mutex_unlock(&authdes_lock); return (AUTH_BADCRED); /* key not found */ } } else { /* ADN_NICKNAME */ sid = cred->adc_nickname; if (sid >= authdes_cachesz) { __msgout(LOG_INFO, "_svcauth_des:", "bad nickname"); (void) mutex_unlock(&authdes_lock); return (AUTH_BADCRED); /* garbled credential */ } /* actually check that the entry is not null */ entry = &_rpc_authdes_cache[sid]; if (entry->rname == NULL) { (void) mutex_unlock(&authdes_lock); return (AUTH_BADCRED); /* cached out */ } sessionkey = &_rpc_authdes_cache[sid].key; } /* * Decrypt the timestamp */ cryptbuf[0] = verf.adv_xtimestamp; if (fullname_rcvd) { /* ADN_FULLNAME */ cryptbuf[1].key.high = cred->adc_fullname.window; cryptbuf[1].key.low = verf.adv_winverf; ivec.key.high = ivec.key.low = 0; status = cbc_crypt((char *)sessionkey, (char *)cryptbuf, 2 * (int)sizeof (des_block), DES_DECRYPT | DES_HW, (char *)&ivec); } else { status = ecb_crypt((char *)sessionkey, (char *)cryptbuf, (int)sizeof (des_block), DES_DECRYPT | DES_HW); } if (DES_FAILED(status)) { if (fullname_rcvd && from_cache) { __getpublickey_flush(cred->adc_fullname.name); goto again; } __msgout(LOG_ERR, "_svcauth_des: DES decryption failure for", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); (void) mutex_unlock(&authdes_lock); return (AUTH_FAILED); /* system error */ } /* * XDR the decrypted timestamp */ ixdr = (int32_t *)cryptbuf; timestamp.tv_sec = IXDR_GET_INT32(ixdr); timestamp.tv_usec = IXDR_GET_INT32(ixdr); /* * Check for valid credentials and verifiers. * They could be invalid because the key was flushed * out of the cache, and so a new session should begin. * Be sure and send AUTH_REJECTED{CRED, VERF} if this is the case. */ { struct timeval current; int nick; int winverf; if (fullname_rcvd) { window = IXDR_GET_U_INT32(ixdr); winverf = IXDR_GET_U_INT32(ixdr); if (winverf != window - 1) { if (from_cache) { __getpublickey_flush( cred->adc_fullname.name); goto again; } __msgout(LOG_INFO, "_svcauth_des: corrupted window from", cred->adc_fullname.name); (void) mutex_unlock(&authdes_lock); /* garbled credential or invalid secret key */ return (AUTH_BADCRED); } cache_spot_id = cache_spot(sessionkey, cred->adc_fullname.name, ×tamp); if (cache_spot_id < 0) { __msgout(LOG_INFO, "_svcauth_des: replayed credential from", cred->adc_fullname.name); (void) mutex_unlock(&authdes_lock); return (AUTH_REJECTEDCRED); /* replay */ } else sid = cache_spot_id; nick = 0; } else { /* ADN_NICKNAME */ window = _rpc_authdes_cache[sid].window; nick = 1; } if ((ulong_t)timestamp.tv_usec >= USEC_PER_SEC) { if (fullname_rcvd && from_cache) { __getpublickey_flush(cred->adc_fullname.name); goto again; } __msgout(LOG_INFO, "_svcauth_des: invalid timestamp received from", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); /* cached out (bad key), or garbled verifier */ (void) mutex_unlock(&authdes_lock); return (nick ? AUTH_REJECTEDVERF : AUTH_BADVERF); } if (nick && BEFORE(×tamp, &_rpc_authdes_cache[sid].laststamp)) { if (fullname_rcvd && from_cache) { __getpublickey_flush(cred->adc_fullname.name); goto again; } __msgout(LOG_INFO, "_svcauth_des: timestamp is earlier than the one previously seen from", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); (void) mutex_unlock(&authdes_lock); return (AUTH_REJECTEDVERF); /* replay */ } (void) gettimeofday(¤t, NULL); current.tv_sec -= window; /* allow for expiration */ if (!BEFORE(¤t, ×tamp)) { if (fullname_rcvd && from_cache) { __getpublickey_flush(cred->adc_fullname.name); goto again; } __msgout(LOG_INFO, "_svcauth_des: timestamp expired for", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); /* replay, or garbled credential */ (void) mutex_unlock(&authdes_lock); return (nick ? AUTH_REJECTEDVERF : AUTH_BADCRED); } } /* * Set up the reply verifier */ verf.adv_nickname = sid; /* * xdr the timestamp before encrypting */ ixdr = (int32_t *)cryptbuf; IXDR_PUT_INT32(ixdr, timestamp.tv_sec - 1); IXDR_PUT_INT32(ixdr, timestamp.tv_usec); /* * encrypt the timestamp */ status = ecb_crypt((char *)sessionkey, (char *)cryptbuf, (int)sizeof (des_block), DES_ENCRYPT | DES_HW); if (DES_FAILED(status)) { __msgout(LOG_ERR, "_svcauth_des: DES encryption failure for", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); (void) mutex_unlock(&authdes_lock); return (AUTH_FAILED); /* system error */ } verf.adv_xtimestamp = cryptbuf[0]; /* * Serialize the reply verifier, and update rqst */ /* LINTED pointer cast */ ixdr = (int32_t *)msg->rm_call.cb_verf.oa_base; *ixdr++ = (int32_t)verf.adv_xtimestamp.key.high; *ixdr++ = (int32_t)verf.adv_xtimestamp.key.low; *ixdr++ = (int32_t)verf.adv_int_u; rqst->rq_xprt->xp_verf.oa_flavor = AUTH_DES; rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; rqst->rq_xprt->xp_verf.oa_length = (char *)ixdr - msg->rm_call.cb_verf.oa_base; if (rqst->rq_xprt->xp_verf.oa_length > MAX_AUTH_BYTES) { __msgout(LOG_ERR, "_svcauth_des: Authenticator length error", fullname_rcvd ? cred->adc_fullname.name : _rpc_authdes_cache[sid].rname); (void) mutex_unlock(&authdes_lock); return (AUTH_REJECTEDVERF); } /* * We succeeded, commit the data to the cache now and * finish cooking the credential. */ entry = &_rpc_authdes_cache[sid]; entry->laststamp = timestamp; cache_ref(sid); if (cred->adc_namekind == ADN_FULLNAME) { cred->adc_fullname.window = window; cred->adc_nickname = sid; /* save nickname */ if (entry->rname != NULL) free(entry->rname); entry->rname = malloc(strlen(cred->adc_fullname.name) + 1); if (entry->rname != NULL) { (void) strcpy(entry->rname, cred->adc_fullname.name); } else { __msgout(LOG_CRIT, "_svcauth_des:", "out of memory"); (void) mutex_unlock(&authdes_lock); return (AUTH_FAILED); } entry->key = *sessionkey; entry->window = window; /* mark any cached cred invalid */ invalidate(entry->localcred); } else { /* ADN_NICKNAME */ /* * nicknames are cooked into fullnames */ cred->adc_namekind = ADN_FULLNAME; cred->adc_fullname.name = entry->rname; cred->adc_fullname.key = entry->key; cred->adc_fullname.window = entry->window; } (void) mutex_unlock(&authdes_lock); return (AUTH_OK); /* we made it! */ } /* * Initialize the cache */ static int cache_init(void) { int i; /* LOCK HELD ON ENTRY: authdes_lock */ assert(MUTEX_HELD(&authdes_lock)); _rpc_authdes_cache = malloc(sizeof (struct cache_entry) * authdes_cachesz); if (_rpc_authdes_cache == NULL) { __msgout(LOG_CRIT, "cache_init:", "out of memory"); return (-1); } (void) memset(_rpc_authdes_cache, 0, sizeof (struct cache_entry) * authdes_cachesz); /* * Initialize the lru chain (linked-list) */ for (i = 1; i < (authdes_cachesz - 1); i++) { _rpc_authdes_cache[i].index = i; _rpc_authdes_cache[i].next = &_rpc_authdes_cache[i + 1]; _rpc_authdes_cache[i].prev = &_rpc_authdes_cache[i - 1]; } cache_head = &_rpc_authdes_cache[0]; cache_tail = &_rpc_authdes_cache[authdes_cachesz - 1]; /* * These elements of the chain need special attention... */ cache_head->index = 0; cache_tail->index = authdes_cachesz - 1; cache_head->next = &_rpc_authdes_cache[1]; cache_head->prev = cache_tail; cache_tail->next = cache_head; cache_tail->prev = &_rpc_authdes_cache[authdes_cachesz - 2]; return (0); } /* * Find the lru victim */ static uint32_t cache_victim(void) { /* LOCK HELD ON ENTRY: authdes_lock */ assert(MUTEX_HELD(&authdes_lock)); return (cache_head->index); /* list in lru order */ } /* * Note that sid was referenced */ static void cache_ref(uint32_t sid) { struct cache_entry *curr = &_rpc_authdes_cache[sid]; /* LOCK HELD ON ENTRY: authdes_lock */ assert(MUTEX_HELD(&authdes_lock)); /* * move referenced item from its place on the LRU chain * to the tail of the chain while checking for special * conditions (mainly for performance). */ if (cache_tail == curr) { /* no work to do */ /*EMPTY*/; } else if (cache_head == curr) { cache_head = cache_head->next; cache_tail = curr; } else { (curr->next)->prev = curr->prev; /* fix thy neighbor */ (curr->prev)->next = curr->next; curr->next = cache_head; /* fix thy self... */ curr->prev = cache_tail; cache_head->prev = curr; /* fix the head */ cache_tail->next = curr; /* fix the tail */ cache_tail = curr; /* move the tail */ } } /* * Find a spot in the cache for a credential containing * the items given. Return -1 if a replay is detected, otherwise * return the spot in the cache. */ static int cache_spot(des_block *key, char *name, struct timeval *timestamp) { struct cache_entry *cp; int i; uint32_t hi; /* LOCK HELD ON ENTRY: authdes_lock */ assert(MUTEX_HELD(&authdes_lock)); hi = key->key.high; for (cp = _rpc_authdes_cache, i = 0; i < authdes_cachesz; i++, cp++) { if (cp->key.key.high == hi && cp->key.key.low == key->key.low && cp->rname != NULL && memcmp(cp->rname, name, strlen(name) + 1) == 0) { if (BEFORE(timestamp, &cp->laststamp)) { svcauthdes_stats.ncachereplays++; return (-1); /* replay */ } svcauthdes_stats.ncachehits++; return (i); /* refresh */ } } svcauthdes_stats.ncachemisses++; return (cache_victim()); } /* * Local credential handling stuff. * NOTE: bsd unix dependent. * Other operating systems should put something else here. */ #define UNKNOWN -2 /* grouplen, if cached cred is unknown user */ #define INVALID -1 /* grouplen, if cache entry is invalid */ struct bsdcred { uid_t uid; /* cached uid */ gid_t gid; /* cached gid */ short grouplen; /* length of cached groups */ gid_t groups[1]; /* cached groups allocate _SC_NGROUPS_MAX */ }; static void invalidate(char *cred) { if (cred == NULL) return; /* LINTED pointer cast */ ((struct bsdcred *)cred)->grouplen = INVALID; } /* * Map a des credential into a unix cred. * We cache the credential here so the application does * not have to make an rpc call every time to interpret * the credential. */ int authdes_getucred(const struct authdes_cred *adc, uid_t *uid, gid_t *gid, short *grouplen, gid_t *groups) { uint32_t sid; int i; uid_t i_uid; gid_t i_gid; int i_grouplen; struct bsdcred *cred; sid = adc->adc_nickname; if (sid >= authdes_cachesz) { __msgout2(__getucredstr, "invalid nickname"); return (0); } (void) mutex_lock(&authdes_lock); /* LINTED pointer cast */ cred = (struct bsdcred *)_rpc_authdes_cache[sid].localcred; if (cred == NULL) { static size_t bsdcred_sz; if (bsdcred_sz == 0) { bsdcred_sz = sizeof (struct bsdcred) + (sysconf(_SC_NGROUPS_MAX) - 1) * sizeof (gid_t); } cred = malloc(bsdcred_sz); if (cred == NULL) { __msgout2(__getucredstr, "out of memory"); (void) mutex_unlock(&authdes_lock); return (0); } _rpc_authdes_cache[sid].localcred = (char *)cred; cred->grouplen = INVALID; } if (cred->grouplen == INVALID) { /* * not in cache: lookup */ if (!netname2user(adc->adc_fullname.name, (uid_t *)&i_uid, (gid_t *)&i_gid, &i_grouplen, (gid_t *)groups)) { __msgout2(__getucredstr, "unknown netname"); /* mark as lookup up, but not found */ cred->grouplen = UNKNOWN; (void) mutex_unlock(&authdes_lock); return (0); } __msgout2(__getucredstr, "missed ucred cache"); *uid = cred->uid = i_uid; *gid = cred->gid = i_gid; *grouplen = cred->grouplen = i_grouplen; for (i = i_grouplen - 1; i >= 0; i--) { cred->groups[i] = groups[i]; } (void) mutex_unlock(&authdes_lock); return (1); } if (cred->grouplen == UNKNOWN) { /* * Already lookup up, but no match found */ (void) mutex_unlock(&authdes_lock); return (0); } /* * cached credentials */ *uid = cred->uid; *gid = cred->gid; *grouplen = cred->grouplen; for (i = cred->grouplen - 1; i >= 0; i--) { groups[i] = cred->groups[i]; } (void) mutex_unlock(&authdes_lock); return (1); } static void __msgout(int level, const char *str, const char *strarg) { (void) syslog(level, "%s %s", str, strarg); } static void __msgout2(const char *str, const char *str2) { (void) syslog(LOG_DEBUG, "%s %s", str, str2); }