xref: /illumos-gate/usr/src/cmd/fs.d/nfs/mountd/nfsauth.c (revision 34841cc2abc43146ada78560d5f179be666acbda)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <sys/types.h>
30 #include <string.h>
31 #include <sys/param.h>
32 #include <sys/stat.h>
33 #include <sys/file.h>
34 #include <sys/time.h>
35 #include <sys/errno.h>
36 #include <rpcsvc/mount.h>
37 #include <sys/pathconf.h>
38 #include <sys/systeminfo.h>
39 #include <sys/utsname.h>
40 #include <arpa/inet.h>
41 #include <signal.h>
42 #include <syslog.h>
43 #include <locale.h>
44 #include <unistd.h>
45 #include <thread.h>
46 #include <netdir.h>
47 #include <nfs/auth.h>
48 #include <sharefs/share.h>
49 #include "../lib/sharetab.h"
50 #include "mountd.h"
51 
52 static void
53 nfsauth_access(auth_req *argp, auth_res *result)
54 {
55 	struct netconfig *nconf;
56 	struct nd_hostservlist *clnames = NULL;
57 	struct netbuf nbuf;
58 	struct share *sh;
59 	char tmp[MAXIPADDRLEN];
60 	char *host = NULL;
61 
62 	result->auth_perm = NFSAUTH_DENIED;
63 
64 	/*
65 	 * Convert the client's address to a hostname
66 	 */
67 	nconf = getnetconfigent(argp->req_netid);
68 	if (nconf == NULL) {
69 		syslog(LOG_ERR, "No netconfig entry for %s", argp->req_netid);
70 		return;
71 	}
72 
73 	nbuf.len = argp->req_client.n_len;
74 	nbuf.buf = argp->req_client.n_bytes;
75 
76 	if (nbuf.len == 0 || nbuf.buf == NULL)
77 		return;
78 
79 	if (netdir_getbyaddr(nconf, &clnames, &nbuf)) {
80 		host = &tmp[0];
81 		if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
82 			struct sockaddr_in *sa;
83 
84 			/* LINTED pointer alignment */
85 			sa = (struct sockaddr_in *)nbuf.buf;
86 			(void) inet_ntoa_r(sa->sin_addr, tmp);
87 		} else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) {
88 			struct sockaddr_in6 *sa;
89 			/* LINTED pointer */
90 			sa = (struct sockaddr_in6 *)nbuf.buf;
91 			(void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr,
92 			    tmp, INET6_ADDRSTRLEN);
93 		}
94 		clnames = anon_client(host);
95 	}
96 
97 	/*
98 	 * Now find the export
99 	 */
100 	sh = findentry(argp->req_path);
101 	if (sh == NULL) {
102 		syslog(LOG_ERR, "%s not exported", argp->req_path);
103 		goto done;
104 	}
105 
106 	result->auth_perm = check_client(sh, &nbuf, clnames, argp->req_flavor);
107 
108 	sharefree(sh);
109 
110 	if (result->auth_perm == NFSAUTH_DENIED) {
111 		syslog(LOG_ERR, "%s denied access to %s",
112 		    clnames->h_hostservs[0].h_host, argp->req_path);
113 	}
114 
115 done:
116 	freenetconfigent(nconf);
117 	if (clnames)
118 		netdir_free(clnames, ND_HOSTSERVLIST);
119 }
120 
121 void
122 nfsauth_func(void *cookie, char *dataptr, size_t arg_size,
123 	door_desc_t *dp, uint_t n_desc)
124 
125 {
126 	nfsauth_arg_t	*ap;
127 	nfsauth_res_t	 res = {0};
128 	nfsauth_res_t	*rp = &res;
129 	XDR		 xdrs_a;
130 	XDR		 xdrs_r;
131 	caddr_t		 abuf = dataptr;
132 	size_t		 absz = arg_size;
133 	size_t		 rbsz = (size_t)(BYTES_PER_XDR_UNIT * 2);
134 	char		 result[BYTES_PER_XDR_UNIT * 2];
135 	caddr_t		 rbuf = (caddr_t)&result;
136 	varg_t		 varg = {0};
137 
138 	/*
139 	 * Decode the inbound door data, so we can look at the cmd.
140 	 */
141 	xdrmem_create(&xdrs_a, abuf, absz, XDR_DECODE);
142 	if (!xdr_varg(&xdrs_a, &varg)) {
143 		/*
144 		 * If the arguments can't be decoded, bail.
145 		 */
146 		if (varg.vers == V_ERROR)
147 			syslog(LOG_ERR, gettext("Arg version mismatch"));
148 		res.stat = NFSAUTH_DR_DECERR;
149 		goto encres;
150 	}
151 
152 	/*
153 	 * Now set the args pointer to the proper version of the args
154 	 */
155 	switch (varg.vers) {
156 	case V_PROTO:
157 		ap = &varg.arg_u.arg;
158 		break;
159 
160 		/* Additional arguments versions go here */
161 
162 	default:
163 		syslog(LOG_ERR, gettext("Invalid args version"));
164 		goto encres;
165 	}
166 
167 	/*
168 	 * Call the specified cmd
169 	 */
170 	switch (ap->cmd) {
171 		case NFSAUTH_ACCESS:
172 			nfsauth_access(&ap->areq, &rp->ares);
173 			rp->stat = NFSAUTH_DR_OKAY;
174 			break;
175 		default:
176 			rp->stat = NFSAUTH_DR_BADCMD;
177 			break;
178 	}
179 
180 encres:
181 	/*
182 	 * Free space used to decode the args
183 	 */
184 	xdrs_a.x_op = XDR_FREE;
185 	(void) xdr_varg(&xdrs_a, &varg);
186 	xdr_destroy(&xdrs_a);
187 
188 	/*
189 	 * Encode the results before passing thru door.
190 	 *
191 	 * The result (nfsauth_res_t) is always two int's, so we don't
192 	 * have to dynamically size (or allocate) the results buffer.
193 	 */
194 	xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE);
195 	if (!xdr_nfsauth_res(&xdrs_r, rp)) {
196 		/*
197 		 * return only the status code
198 		 */
199 		rp->stat = NFSAUTH_DR_EFAIL;
200 		rbsz = sizeof (uint_t);
201 		*rbuf = (uint_t)rp->stat;
202 	}
203 	xdr_destroy(&xdrs_r);
204 
205 	(void) door_return((char *)rbuf, rbsz, NULL, 0);
206 	(void) door_return(NULL, 0, NULL, 0);
207 	/* NOTREACHED */
208 }
209