1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 23 /* 24 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 25 * Use is subject to license terms. 26 */ 27 28 #pragma ident "%Z%%M% %I% %E% SMI" 29 30 /* 31 * svc_auth_loopb.c 32 * Handles the loopback UNIX flavor authentication parameters on the 33 * service side of rpc. 34 */ 35 36 #include <stdio.h> 37 #include <rpc/rpc.h> 38 #include <syslog.h> 39 #include <sys/types.h> 40 41 /* 42 * Loopback system (Unix) longhand authenticator 43 */ 44 enum auth_stat 45 __svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg) 46 { 47 enum auth_stat stat; 48 XDR xdrs; 49 struct authsys_parms *aup; 50 rpc_inline_t *buf; 51 struct area { 52 struct authsys_parms area_aup; 53 char area_machname[MAX_MACHINE_NAME+1]; 54 gid_t area_gids[NGRPS_LOOPBACK]; 55 } *area; 56 size_t auth_len; 57 size_t str_len, gid_len; 58 int i; 59 60 /* LINTED pointer cast */ 61 area = (struct area *)rqst->rq_clntcred; 62 aup = &area->area_aup; 63 aup->aup_machname = area->area_machname; 64 aup->aup_gids = area->area_gids; 65 auth_len = (size_t)msg->rm_call.cb_cred.oa_length; 66 if (auth_len == 0) 67 return (AUTH_BADCRED); 68 xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len, 69 XDR_DECODE); 70 buf = XDR_INLINE(&xdrs, auth_len); 71 if (buf != NULL) { 72 aup->aup_time = IXDR_GET_INT32(buf); 73 str_len = IXDR_GET_U_INT32(buf); 74 if (str_len > MAX_MACHINE_NAME) { 75 stat = AUTH_BADCRED; 76 goto done; 77 } 78 (void) memcpy(aup->aup_machname, buf, str_len); 79 aup->aup_machname[str_len] = 0; 80 str_len = RNDUP(str_len); 81 buf += str_len / sizeof (int); 82 aup->aup_uid = IXDR_GET_INT32(buf); 83 aup->aup_gid = IXDR_GET_INT32(buf); 84 gid_len = IXDR_GET_U_INT32(buf); 85 if (gid_len > NGRPS_LOOPBACK) { 86 stat = AUTH_BADCRED; 87 goto done; 88 } 89 aup->aup_len = gid_len; 90 for (i = 0; i < gid_len; i++) { 91 aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf); 92 } 93 /* 94 * five is the smallest unix credentials structure - 95 * timestamp, hostname len (0), uid, gid, and gids len (0). 96 */ 97 if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { 98 (void) syslog(LOG_ERR, 99 "bad auth_len gid %lu str %lu auth %lu", 100 gid_len, str_len, auth_len); 101 stat = AUTH_BADCRED; 102 goto done; 103 } 104 } else if (!xdr_authloopback_parms(&xdrs, aup)) { 105 xdrs.x_op = XDR_FREE; 106 (void) xdr_authloopback_parms(&xdrs, aup); 107 stat = AUTH_BADCRED; 108 goto done; 109 } 110 rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL; 111 rqst->rq_xprt->xp_verf.oa_length = 0; 112 stat = AUTH_OK; 113 done: 114 XDR_DESTROY(&xdrs); 115 return (stat); 116 } 117