/*-
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.
 * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/* Historical SCCS id strings; compiled in only when LIBC_SCCS is defined and lint is not. */
#if defined(LIBC_SCCS) && !defined(lint)
static char *sccsid2 = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)svc_auth_unix.c 2.3 88/08/01 4.0 RPCSRC";
#endif
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 * svc_auth_unix.c
 * Handles UNIX flavor authentication parameters on the service side of rpc.
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
 * _svcauth_unix does full blown unix style uid,gid+gids auth,
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
 * Note: the shorthand has been gutted for efficiency.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
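 */

#include <sys/param.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/systm.h>
#include <sys/ucred.h>

#include <rpc/rpc.h>

#include <rpc/rpc_com.h>

#define MAX_MACHINE_NAME 255
#define NGRPS 16

/*
 * Unix longhand authenticator
 *
 * Decodes the AUTH_UNIX credential in msg->rm_call.cb_cred into the
 * struct xucred that rqst->rq_clntcred points at: cr_uid, cr_groups[0]
 * and up to XU_NGROUPS - 1 supplementary gids (surplus gids on the wire
 * are skipped and cr_ngroups is capped at XU_NGROUPS).  The fast path
 * walks the inlined XDR buffer directly; when XDR_INLINE declines, the
 * generic xdr_authunix_parms() does the decode instead.
 *
 * The credential is peer-supplied, so on the inline path every field is
 * checked against auth_len before it is fetched: the walk never reads a
 * byte past oa_base + oa_length, whatever lengths the peer claims.
 *
 * Returns AUTH_OK (and sets rq_verf to _null_auth) on success, or
 * AUTH_BADCRED for any malformed or over-long credential.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	int32_t *buf;
	uint32_t time;
	struct xucred *xcr;
	u_int auth_len;
	size_t str_len, gid_len;
	u_int i;

	xcr = rqst->rq_clntcred;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * Five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * The hostname length and the gids count are themselves
		 * read from the wire, so the bound is re-checked each time
		 * one of them becomes known, ahead of the reads it governs.
		 */
		if (2 * BYTES_PER_XDR_UNIT > auth_len) {
			stat = AUTH_BADCRED;
			goto done;
		}
		time = IXDR_GET_UINT32(buf);	/* decoded, not validated here */
		str_len = (size_t)IXDR_GET_UINT32(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		str_len = RNDUP(str_len);	/* hostname is padded to whole XDR units */
		/* Hostname plus uid, gid and gids count must fit. */
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			stat = AUTH_BADCRED;
			goto done;
		}
		buf += str_len / sizeof (int32_t);
		xcr->cr_uid = IXDR_GET_UINT32(buf);
		xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
		gid_len = (size_t)IXDR_GET_UINT32(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* The whole structure, gid list included, must fit. */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			(void) printf("bad auth_len gid %ld str %ld auth %u\n",
			    (long)gid_len, (long)str_len, auth_len);
			stat = AUTH_BADCRED;
			goto done;
		}
		for (i = 0; i < gid_len; i++) {
			/* Only XU_NGROUPS - 1 supplementary gids fit; skip the rest. */
			if (i + 1 < XU_NGROUPS)
				xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
			else
				buf++;
		}
		if (gid_len + 1 > XU_NGROUPS)
			xcr->cr_ngroups = XU_NGROUPS;
		else
			xcr->cr_ngroups = gid_len + 1;
	} else if (! xdr_authunix_parms(&xdrs, &time, xcr)) {
		stat = AUTH_BADCRED;
		goto done;
	}

	rqst->rq_verf = _null_auth;
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);

	return (stat);
}


/*
 * Shorthand unix authenticator
 * Looks up longhand in a cache.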
 */
/*ARGSUSED*/
enum auth_stat
_svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
{
	/*
	 * The shorthand cache has been gutted (see the file header), so
	 * every AUTH_SHORT credential is refused outright; neither
	 * argument is examined.
	 */
	return (AUTH_REJECTEDCRED);
}