xref: /illumos-gate/usr/src/cmd/fs.d/nfs/mountd/nfsauth.c (revision 4870e0a7381ec2ec57437062574e6ddc3dd48d7f) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*
27  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
28  * Use is subject to license terms.
29  */
30 
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <sys/types.h>
34 #include <string.h>
35 #include <sys/param.h>
36 #include <sys/stat.h>
37 #include <sys/file.h>
38 #include <sys/time.h>
39 #include <sys/errno.h>
40 #include <rpcsvc/mount.h>
41 #include <sys/pathconf.h>
42 #include <sys/systeminfo.h>
43 #include <sys/utsname.h>
44 #include <arpa/inet.h>
45 #include <signal.h>
46 #include <syslog.h>
47 #include <locale.h>
48 #include <unistd.h>
49 #include <thread.h>
50 #include <netdir.h>
51 #include <nfs/auth.h>
52 #include <sharefs/share.h>
53 #include <alloca.h>
54 #include "../lib/sharetab.h"
55 #include "mountd.h"
56 
57 static void
58 nfsauth_access(auth_req *argp, auth_res *result)
59 {
60 	struct netbuf nbuf;
61 	struct share *sh;
62 
63 	struct cln cln;
64 
65 	result->auth_perm = NFSAUTH_DENIED;
66 
67 	nbuf.len = argp->req_client.n_len;
68 	nbuf.buf = argp->req_client.n_bytes;
69 
70 	if (nbuf.len == 0 || nbuf.buf == NULL)
71 		return;
72 
73 	/*
74 	 * Find the export
75 	 */
76 	sh = findentry(argp->req_path);
77 	if (sh == NULL) {
78 		syslog(LOG_ERR, "%s not exported", argp->req_path);
79 		return;
80 	}
81 
82 	cln_init_lazy(&cln, argp->req_netid, &nbuf);
83 
84 	result->auth_perm = check_client(sh, &cln, argp->req_flavor,
85 	    argp->req_clnt_uid, argp->req_clnt_gid, argp->req_clnt_gids.len,
86 	    argp->req_clnt_gids.val, &result->auth_srv_uid,
87 	    &result->auth_srv_gid, &result->auth_srv_gids.len,
88 	    &result->auth_srv_gids.val);
89 
90 	sharefree(sh);
91 
92 	if (result->auth_perm == NFSAUTH_DENIED) {
93 		char *host = cln_gethost(&cln);
94 		if (host != NULL)
95 			syslog(LOG_ERR, "%s denied access to %s", host,
96 			    argp->req_path);
97 	}
98 
99 	cln_fini(&cln);
100 }
101 
102 void
103 nfsauth_func(void *cookie, char *dataptr, size_t arg_size,
104 	door_desc_t *dp, uint_t n_desc)
105 
106 {
107 	nfsauth_arg_t	*ap;
108 	nfsauth_res_t	 res = {0};
109 	XDR		 xdrs_a;
110 	XDR		 xdrs_r;
111 	size_t		 rbsz;
112 	caddr_t		 rbuf;
113 	varg_t		 varg = {0};
114 
115 	/*
116 	 * Decode the inbound door data, so we can look at the cmd.
117 	 */
118 	xdrmem_create(&xdrs_a, dataptr, arg_size, XDR_DECODE);
119 	if (!xdr_varg(&xdrs_a, &varg)) {
120 		/*
121 		 * If the arguments can't be decoded, bail.
122 		 */
123 		if (varg.vers == V_ERROR)
124 			syslog(LOG_ERR, gettext("Arg version mismatch"));
125 		res.stat = NFSAUTH_DR_DECERR;
126 		goto encres;
127 	}
128 
129 	/*
130 	 * Now set the args pointer to the proper version of the args
131 	 */
132 	switch (varg.vers) {
133 	case V_PROTO:
134 		ap = &varg.arg_u.arg;
135 		break;
136 
137 	/* Additional arguments versions go here */
138 
139 	default:
140 		syslog(LOG_ERR, gettext("Invalid args version"));
141 		res.stat = NFSAUTH_DR_DECERR;
142 		goto encres;
143 	}
144 
145 	/*
146 	 * Call the specified cmd
147 	 */
148 	switch (ap->cmd) {
149 	case NFSAUTH_ACCESS:
150 		nfsauth_access(&ap->areq, &res.ares);
151 		res.stat = NFSAUTH_DR_OKAY;
152 		break;
153 	default:
154 		res.stat = NFSAUTH_DR_BADCMD;
155 		break;
156 	}
157 
158 encres:
159 	/*
160 	 * Free space used to decode the args
161 	 */
162 	xdr_free(xdr_varg, (char *)&varg);
163 	xdr_destroy(&xdrs_a);
164 
165 	/*
166 	 * Encode the results before passing thru door.
167 	 */
168 	rbsz = xdr_sizeof(xdr_nfsauth_res, &res);
169 	if (rbsz == 0)
170 		goto failed;
171 	rbuf = alloca(rbsz);
172 
173 	xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE);
174 	if (!xdr_nfsauth_res(&xdrs_r, &res)) {
175 		xdr_destroy(&xdrs_r);
176 failed:
177 		xdr_free(xdr_nfsauth_res, (char *)&res);
178 		/*
179 		 * return only the status code
180 		 */
181 		res.stat = NFSAUTH_DR_EFAIL;
182 		rbsz = sizeof (uint_t);
183 		rbuf = (caddr_t)&res.stat;
184 
185 		goto out;
186 	}
187 	xdr_destroy(&xdrs_r);
188 	xdr_free(xdr_nfsauth_res, (char *)&res);
189 
190 out:
191 	(void) door_return((char *)rbuf, rbsz, NULL, 0);
192 	(void) door_return(NULL, 0, NULL, 0);
193 	/* NOTREACHED */
194 }
195