1dfdcada3SDoug Rabson /* $NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $ */ 2dfdcada3SDoug Rabson 3dfdcada3SDoug Rabson /* 4dfdcada3SDoug Rabson * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 5dfdcada3SDoug Rabson * unrestricted use provided that this legend is included on all tape 6dfdcada3SDoug Rabson * media and as a part of the software program in whole or part. Users 7dfdcada3SDoug Rabson * may copy or modify Sun RPC without charge, but are not authorized 8dfdcada3SDoug Rabson * to license or distribute it to anyone else except as part of a product or 9dfdcada3SDoug Rabson * program developed by the user. 10dfdcada3SDoug Rabson * 11dfdcada3SDoug Rabson * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 12dfdcada3SDoug Rabson * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 13dfdcada3SDoug Rabson * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 14dfdcada3SDoug Rabson * 15dfdcada3SDoug Rabson * Sun RPC is provided with no support and without any obligation on the 16dfdcada3SDoug Rabson * part of Sun Microsystems, Inc. to assist in its use, correction, 17dfdcada3SDoug Rabson * modification or enhancement. 18dfdcada3SDoug Rabson * 19dfdcada3SDoug Rabson * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 20dfdcada3SDoug Rabson * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 21dfdcada3SDoug Rabson * OR ANY PART THEREOF. 22dfdcada3SDoug Rabson * 23dfdcada3SDoug Rabson * In no event will Sun Microsystems, Inc. be liable for any lost revenue 24dfdcada3SDoug Rabson * or profits or other special, indirect and consequential damages, even if 25dfdcada3SDoug Rabson * Sun has been advised of the possibility of such damages. 26dfdcada3SDoug Rabson * 27dfdcada3SDoug Rabson * Sun Microsystems, Inc. 28dfdcada3SDoug Rabson * 2550 Garcia Avenue 29dfdcada3SDoug Rabson * Mountain View, California 94043 30dfdcada3SDoug Rabson */ 31dfdcada3SDoug Rabson 32dfdcada3SDoug Rabson #if defined(LIBC_SCCS) && !defined(lint) 33dfdcada3SDoug Rabson static char *sccsid2 = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro"; 34dfdcada3SDoug Rabson static char *sccsid = "@(#)auth_unix.c 2.2 88/08/01 4.0 RPCSRC"; 35dfdcada3SDoug Rabson #endif 36dfdcada3SDoug Rabson #include <sys/cdefs.h> 37dfdcada3SDoug Rabson __FBSDID("$FreeBSD$"); 38dfdcada3SDoug Rabson 39dfdcada3SDoug Rabson /* 40dfdcada3SDoug Rabson * auth_unix.c, Implements UNIX style authentication parameters. 41dfdcada3SDoug Rabson * 42dfdcada3SDoug Rabson * Copyright (C) 1984, Sun Microsystems, Inc. 43dfdcada3SDoug Rabson * 44dfdcada3SDoug Rabson * The system is very weak. The client uses no encryption for it's 45dfdcada3SDoug Rabson * credentials and only sends null verifiers. The server sends backs 46dfdcada3SDoug Rabson * null verifiers or optionally a verifier that suggests a new short hand 47dfdcada3SDoug Rabson * for the credentials. 48dfdcada3SDoug Rabson * 49dfdcada3SDoug Rabson */ 50dfdcada3SDoug Rabson 51dfdcada3SDoug Rabson #include <sys/param.h> 52dfdcada3SDoug Rabson #include <sys/systm.h> 53dfdcada3SDoug Rabson #include <sys/lock.h> 54dfdcada3SDoug Rabson #include <sys/malloc.h> 55dfdcada3SDoug Rabson #include <sys/mutex.h> 56dfdcada3SDoug Rabson #include <sys/ucred.h> 57dfdcada3SDoug Rabson 58dfdcada3SDoug Rabson #include <rpc/types.h> 59dfdcada3SDoug Rabson #include <rpc/xdr.h> 60dfdcada3SDoug Rabson #include <rpc/auth.h> 61dfdcada3SDoug Rabson 62dfdcada3SDoug Rabson #include "rpc_com.h" 63dfdcada3SDoug Rabson 64dfdcada3SDoug Rabson /* auth_unix.c */ 65dfdcada3SDoug Rabson static void authunix_nextverf (AUTH *); 66dfdcada3SDoug Rabson static bool_t authunix_marshal (AUTH *, XDR *); 67dfdcada3SDoug Rabson static bool_t authunix_validate (AUTH *, struct opaque_auth *); 68dfdcada3SDoug Rabson static bool_t authunix_refresh (AUTH *, void *); 69dfdcada3SDoug Rabson static void authunix_destroy (AUTH *); 70dfdcada3SDoug Rabson static void marshal_new_auth (AUTH *); 71dfdcada3SDoug Rabson 72dfdcada3SDoug Rabson static struct auth_ops authunix_ops = { 73dfdcada3SDoug Rabson .ah_nextverf = authunix_nextverf, 74dfdcada3SDoug Rabson .ah_marshal = authunix_marshal, 75dfdcada3SDoug Rabson .ah_validate = authunix_validate, 76dfdcada3SDoug Rabson .ah_refresh = authunix_refresh, 77dfdcada3SDoug Rabson .ah_destroy = authunix_destroy 78dfdcada3SDoug Rabson }; 79dfdcada3SDoug Rabson 80dfdcada3SDoug Rabson /* 81dfdcada3SDoug Rabson * This struct is pointed to by the ah_private field of an auth_handle. 82dfdcada3SDoug Rabson */ 83dfdcada3SDoug Rabson struct audata { 84dfdcada3SDoug Rabson struct opaque_auth au_origcred; /* original credentials */ 85dfdcada3SDoug Rabson struct opaque_auth au_shcred; /* short hand cred */ 86dfdcada3SDoug Rabson u_long au_shfaults; /* short hand cache faults */ 87dfdcada3SDoug Rabson char au_marshed[MAX_AUTH_BYTES]; 88dfdcada3SDoug Rabson u_int au_mpos; /* xdr pos at end of marshed */ 89dfdcada3SDoug Rabson }; 90dfdcada3SDoug Rabson #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private) 91dfdcada3SDoug Rabson 92dfdcada3SDoug Rabson /* 93dfdcada3SDoug Rabson * Create a unix style authenticator. 94dfdcada3SDoug Rabson * Returns an auth handle with the given stuff in it. 95dfdcada3SDoug Rabson */ 96dfdcada3SDoug Rabson AUTH * 97dfdcada3SDoug Rabson authunix_create(struct ucred *cred) 98dfdcada3SDoug Rabson { 99dfdcada3SDoug Rabson struct xucred xcr; 100dfdcada3SDoug Rabson char mymem[MAX_AUTH_BYTES]; 101dfdcada3SDoug Rabson XDR xdrs; 102dfdcada3SDoug Rabson AUTH *auth; 103dfdcada3SDoug Rabson struct audata *au; 104dfdcada3SDoug Rabson struct timeval now; 105dfdcada3SDoug Rabson uint32_t time; 106dfdcada3SDoug Rabson int len; 107dfdcada3SDoug Rabson 108dfdcada3SDoug Rabson /* 109dfdcada3SDoug Rabson * Allocate and set up auth handle 110dfdcada3SDoug Rabson */ 111dfdcada3SDoug Rabson au = NULL; 112dfdcada3SDoug Rabson auth = mem_alloc(sizeof(*auth)); 113dfdcada3SDoug Rabson #ifndef _KERNEL 114dfdcada3SDoug Rabson if (auth == NULL) { 115dfdcada3SDoug Rabson printf("authunix_create: out of memory"); 116dfdcada3SDoug Rabson goto cleanup_authunix_create; 117dfdcada3SDoug Rabson } 118dfdcada3SDoug Rabson #endif 119dfdcada3SDoug Rabson au = mem_alloc(sizeof(*au)); 120dfdcada3SDoug Rabson #ifndef _KERNEL 121dfdcada3SDoug Rabson if (au == NULL) { 122dfdcada3SDoug Rabson printf("authunix_create: out of memory"); 123dfdcada3SDoug Rabson goto cleanup_authunix_create; 124dfdcada3SDoug Rabson } 125dfdcada3SDoug Rabson #endif 126dfdcada3SDoug Rabson auth->ah_ops = &authunix_ops; 127dfdcada3SDoug Rabson auth->ah_private = (caddr_t)au; 128dfdcada3SDoug Rabson auth->ah_verf = au->au_shcred = _null_auth; 129dfdcada3SDoug Rabson au->au_shfaults = 0; 130dfdcada3SDoug Rabson au->au_origcred.oa_base = NULL; 131dfdcada3SDoug Rabson 132dfdcada3SDoug Rabson getmicrotime(&now); 133dfdcada3SDoug Rabson time = now.tv_sec; 134dfdcada3SDoug Rabson 135dfdcada3SDoug Rabson /* 136dfdcada3SDoug Rabson * Serialize the parameters into origcred 137dfdcada3SDoug Rabson */ 138dfdcada3SDoug Rabson xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE); 139dfdcada3SDoug Rabson cru2x(cred, &xcr); 140dfdcada3SDoug Rabson if (! xdr_authunix_parms(&xdrs, &time, &xcr)) 141dfdcada3SDoug Rabson panic("authunix_create: failed to encode creds"); 142dfdcada3SDoug Rabson au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs); 143dfdcada3SDoug Rabson au->au_origcred.oa_flavor = AUTH_UNIX; 144dfdcada3SDoug Rabson #ifdef _KERNEL 145dfdcada3SDoug Rabson au->au_origcred.oa_base = mem_alloc((u_int) len); 146dfdcada3SDoug Rabson #else 147dfdcada3SDoug Rabson if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) { 148dfdcada3SDoug Rabson printf("authunix_create: out of memory"); 149dfdcada3SDoug Rabson goto cleanup_authunix_create; 150dfdcada3SDoug Rabson } 151dfdcada3SDoug Rabson #endif 152dfdcada3SDoug Rabson memcpy(au->au_origcred.oa_base, mymem, (size_t)len); 153dfdcada3SDoug Rabson 154dfdcada3SDoug Rabson /* 155dfdcada3SDoug Rabson * set auth handle to reflect new cred. 156dfdcada3SDoug Rabson */ 157dfdcada3SDoug Rabson auth->ah_cred = au->au_origcred; 158dfdcada3SDoug Rabson marshal_new_auth(auth); 159dfdcada3SDoug Rabson return (auth); 160dfdcada3SDoug Rabson #ifndef _KERNEL 161dfdcada3SDoug Rabson cleanup_authunix_create: 162dfdcada3SDoug Rabson if (auth) 163dfdcada3SDoug Rabson mem_free(auth, sizeof(*auth)); 164dfdcada3SDoug Rabson if (au) { 165dfdcada3SDoug Rabson if (au->au_origcred.oa_base) 166dfdcada3SDoug Rabson mem_free(au->au_origcred.oa_base, (u_int)len); 167dfdcada3SDoug Rabson mem_free(au, sizeof(*au)); 168dfdcada3SDoug Rabson } 169dfdcada3SDoug Rabson return (NULL); 170dfdcada3SDoug Rabson #endif 171dfdcada3SDoug Rabson } 172dfdcada3SDoug Rabson 173dfdcada3SDoug Rabson /* 174dfdcada3SDoug Rabson * authunix operations 175dfdcada3SDoug Rabson */ 176dfdcada3SDoug Rabson 177dfdcada3SDoug Rabson /* ARGSUSED */ 178dfdcada3SDoug Rabson static void 179dfdcada3SDoug Rabson authunix_nextverf(AUTH *auth) 180dfdcada3SDoug Rabson { 181dfdcada3SDoug Rabson /* no action necessary */ 182dfdcada3SDoug Rabson } 183dfdcada3SDoug Rabson 184dfdcada3SDoug Rabson static bool_t 185dfdcada3SDoug Rabson authunix_marshal(AUTH *auth, XDR *xdrs) 186dfdcada3SDoug Rabson { 187dfdcada3SDoug Rabson struct audata *au; 188dfdcada3SDoug Rabson 189dfdcada3SDoug Rabson au = AUTH_PRIVATE(auth); 190dfdcada3SDoug Rabson return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos)); 191dfdcada3SDoug Rabson } 192dfdcada3SDoug Rabson 193dfdcada3SDoug Rabson static bool_t 194dfdcada3SDoug Rabson authunix_validate(AUTH *auth, struct opaque_auth *verf) 195dfdcada3SDoug Rabson { 196dfdcada3SDoug Rabson struct audata *au; 197dfdcada3SDoug Rabson XDR xdrs; 198dfdcada3SDoug Rabson 199dfdcada3SDoug Rabson if (verf->oa_flavor == AUTH_SHORT) { 200dfdcada3SDoug Rabson au = AUTH_PRIVATE(auth); 201dfdcada3SDoug Rabson xdrmem_create(&xdrs, verf->oa_base, verf->oa_length, 202dfdcada3SDoug Rabson XDR_DECODE); 203dfdcada3SDoug Rabson 204dfdcada3SDoug Rabson if (au->au_shcred.oa_base != NULL) { 205dfdcada3SDoug Rabson mem_free(au->au_shcred.oa_base, 206dfdcada3SDoug Rabson au->au_shcred.oa_length); 207dfdcada3SDoug Rabson au->au_shcred.oa_base = NULL; 208dfdcada3SDoug Rabson } 209dfdcada3SDoug Rabson if (xdr_opaque_auth(&xdrs, &au->au_shcred)) { 210dfdcada3SDoug Rabson auth->ah_cred = au->au_shcred; 211dfdcada3SDoug Rabson } else { 212dfdcada3SDoug Rabson xdrs.x_op = XDR_FREE; 213dfdcada3SDoug Rabson (void)xdr_opaque_auth(&xdrs, &au->au_shcred); 214dfdcada3SDoug Rabson au->au_shcred.oa_base = NULL; 215dfdcada3SDoug Rabson auth->ah_cred = au->au_origcred; 216dfdcada3SDoug Rabson } 217dfdcada3SDoug Rabson marshal_new_auth(auth); 218dfdcada3SDoug Rabson } 219dfdcada3SDoug Rabson return (TRUE); 220dfdcada3SDoug Rabson } 221dfdcada3SDoug Rabson 222dfdcada3SDoug Rabson static bool_t 223dfdcada3SDoug Rabson authunix_refresh(AUTH *auth, void *dummy) 224dfdcada3SDoug Rabson { 225dfdcada3SDoug Rabson struct audata *au = AUTH_PRIVATE(auth); 226dfdcada3SDoug Rabson struct xucred xcr; 227dfdcada3SDoug Rabson uint32_t time; 228dfdcada3SDoug Rabson struct timeval now; 229dfdcada3SDoug Rabson XDR xdrs; 230dfdcada3SDoug Rabson int stat; 231dfdcada3SDoug Rabson 232dfdcada3SDoug Rabson if (auth->ah_cred.oa_base == au->au_origcred.oa_base) { 233dfdcada3SDoug Rabson /* there is no hope. Punt */ 234dfdcada3SDoug Rabson return (FALSE); 235dfdcada3SDoug Rabson } 236dfdcada3SDoug Rabson au->au_shfaults ++; 237dfdcada3SDoug Rabson 238dfdcada3SDoug Rabson /* first deserialize the creds back into a struct ucred */ 239dfdcada3SDoug Rabson xdrmem_create(&xdrs, au->au_origcred.oa_base, 240dfdcada3SDoug Rabson au->au_origcred.oa_length, XDR_DECODE); 241dfdcada3SDoug Rabson stat = xdr_authunix_parms(&xdrs, &time, &xcr); 242dfdcada3SDoug Rabson if (! stat) 243dfdcada3SDoug Rabson goto done; 244dfdcada3SDoug Rabson 245dfdcada3SDoug Rabson /* update the time and serialize in place */ 246dfdcada3SDoug Rabson getmicrotime(&now); 247dfdcada3SDoug Rabson time = now.tv_sec; 248dfdcada3SDoug Rabson xdrs.x_op = XDR_ENCODE; 249dfdcada3SDoug Rabson XDR_SETPOS(&xdrs, 0); 250dfdcada3SDoug Rabson 251dfdcada3SDoug Rabson stat = xdr_authunix_parms(&xdrs, &time, &xcr); 252dfdcada3SDoug Rabson if (! stat) 253dfdcada3SDoug Rabson goto done; 254dfdcada3SDoug Rabson auth->ah_cred = au->au_origcred; 255dfdcada3SDoug Rabson marshal_new_auth(auth); 256dfdcada3SDoug Rabson done: 257dfdcada3SDoug Rabson XDR_DESTROY(&xdrs); 258dfdcada3SDoug Rabson return (stat); 259dfdcada3SDoug Rabson } 260dfdcada3SDoug Rabson 261dfdcada3SDoug Rabson static void 262dfdcada3SDoug Rabson authunix_destroy(AUTH *auth) 263dfdcada3SDoug Rabson { 264dfdcada3SDoug Rabson struct audata *au; 265dfdcada3SDoug Rabson 266dfdcada3SDoug Rabson au = AUTH_PRIVATE(auth); 267dfdcada3SDoug Rabson mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length); 268dfdcada3SDoug Rabson 269dfdcada3SDoug Rabson if (au->au_shcred.oa_base != NULL) 270dfdcada3SDoug Rabson mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length); 271dfdcada3SDoug Rabson 272dfdcada3SDoug Rabson mem_free(auth->ah_private, sizeof(struct audata)); 273dfdcada3SDoug Rabson 274dfdcada3SDoug Rabson if (auth->ah_verf.oa_base != NULL) 275dfdcada3SDoug Rabson mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length); 276dfdcada3SDoug Rabson 277dfdcada3SDoug Rabson mem_free(auth, sizeof(*auth)); 278dfdcada3SDoug Rabson } 279dfdcada3SDoug Rabson 280dfdcada3SDoug Rabson /* 281dfdcada3SDoug Rabson * Marshals (pre-serializes) an auth struct. 282dfdcada3SDoug Rabson * sets private data, au_marshed and au_mpos 283dfdcada3SDoug Rabson */ 284dfdcada3SDoug Rabson static void 285dfdcada3SDoug Rabson marshal_new_auth(AUTH *auth) 286dfdcada3SDoug Rabson { 287dfdcada3SDoug Rabson XDR xdr_stream; 288dfdcada3SDoug Rabson XDR *xdrs = &xdr_stream; 289dfdcada3SDoug Rabson struct audata *au; 290dfdcada3SDoug Rabson 291dfdcada3SDoug Rabson au = AUTH_PRIVATE(auth); 292dfdcada3SDoug Rabson xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE); 293dfdcada3SDoug Rabson if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) || 294dfdcada3SDoug Rabson (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) 295dfdcada3SDoug Rabson printf("auth_none.c - Fatal marshalling problem"); 296dfdcada3SDoug Rabson else 297dfdcada3SDoug Rabson au->au_mpos = XDR_GETPOS(xdrs); 298dfdcada3SDoug Rabson XDR_DESTROY(xdrs); 299dfdcada3SDoug Rabson } 300