1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <sys/types.h> 31 #include <string.h> 32 #include <sys/param.h> 33 #include <sys/stat.h> 34 #include <sys/file.h> 35 #include <sys/time.h> 36 #include <sys/errno.h> 37 #include <rpcsvc/mount.h> 38 #include <sys/pathconf.h> 39 #include <sys/systeminfo.h> 40 #include <sys/utsname.h> 41 #include <arpa/inet.h> 42 #include <signal.h> 43 #include <syslog.h> 44 #include <locale.h> 45 #include <unistd.h> 46 #include <thread.h> 47 #include <netdir.h> 48 #include <nfs/auth.h> 49 #include "../lib/sharetab.h" 50 #include "mountd.h" 51 52 static void 53 nfsauth_access(auth_req *argp, auth_res *result) 54 { 55 struct netconfig *nconf; 56 struct nd_hostservlist *clnames = NULL; 57 struct netbuf nbuf; 58 struct share *sh; 59 char tmp[MAXIPADDRLEN]; 60 char *host = NULL; 61 62 result->auth_perm = NFSAUTH_DENIED; 63 64 /* 65 * Convert the client's address to a hostname 66 */ 67 nconf = getnetconfigent(argp->req_netid); 68 if (nconf == NULL) { 69 syslog(LOG_ERR, "No netconfig entry for %s", argp->req_netid); 70 return; 71 } 72 73 nbuf.len = argp->req_client.n_len; 74 nbuf.buf = argp->req_client.n_bytes; 75 76 if (netdir_getbyaddr(nconf, &clnames, &nbuf)) { 77 host = &tmp[0]; 78 if (strcmp(nconf->nc_protofmly, NC_INET) == 0) { 79 struct sockaddr_in *sa; 80 81 /* LINTED pointer alignment */ 82 sa = (struct sockaddr_in *)nbuf.buf; 83 (void) inet_ntoa_r(sa->sin_addr, tmp); 84 } else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) { 85 struct sockaddr_in6 *sa; 86 /* LINTED pointer */ 87 sa = (struct sockaddr_in6 *)nbuf.buf; 88 (void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr, 89 tmp, INET6_ADDRSTRLEN); 90 } 91 clnames = anon_client(host); 92 } 93 94 /* 95 * Now find the export 96 */ 97 sh = findentry(argp->req_path); 98 if (sh == NULL) { 99 syslog(LOG_ERR, "%s not exported", argp->req_path); 100 goto done; 101 } 102 103 result->auth_perm = check_client(sh, &nbuf, clnames, argp->req_flavor); 104 105 sharefree(sh); 106 107 if (result->auth_perm == NFSAUTH_DENIED) { 108 syslog(LOG_ERR, "%s denied access to %s", 109 clnames->h_hostservs[0].h_host, argp->req_path); 110 } 111 112 done: 113 freenetconfigent(nconf); 114 if (clnames) 115 netdir_free(clnames, ND_HOSTSERVLIST); 116 } 117 118 void 119 nfsauth_func(void *cookie, char *dataptr, size_t arg_size, 120 door_desc_t *dp, uint_t n_desc) 121 122 { 123 nfsauth_arg_t *ap; 124 nfsauth_res_t res = {0}; 125 nfsauth_res_t *rp = &res; 126 XDR xdrs_a; 127 XDR xdrs_r; 128 caddr_t abuf = dataptr; 129 size_t absz = arg_size; 130 size_t rbsz = (size_t)(BYTES_PER_XDR_UNIT * 2); 131 char result[BYTES_PER_XDR_UNIT * 2]; 132 caddr_t rbuf = (caddr_t)&result; 133 varg_t varg = {0}; 134 135 /* 136 * Decode the inbound door data, so we can look at the cmd. 137 */ 138 xdrmem_create(&xdrs_a, abuf, absz, XDR_DECODE); 139 if (!xdr_varg(&xdrs_a, &varg)) { 140 /* 141 * If the arguments can't be decoded, bail. 142 */ 143 if (varg.vers == V_ERROR) 144 syslog(LOG_ERR, gettext("Arg version mismatch")); 145 res.stat = NFSAUTH_DR_DECERR; 146 goto encres; 147 } 148 149 /* 150 * Now set the args pointer to the proper version of the args 151 */ 152 switch (varg.vers) { 153 case V_PROTO: 154 ap = &varg.arg_u.arg; 155 break; 156 157 /* Additional arguments versions go here */ 158 159 default: 160 syslog(LOG_ERR, gettext("Invalid args version")); 161 goto encres; 162 } 163 164 /* 165 * Call the specified cmd 166 */ 167 switch (ap->cmd) { 168 case NFSAUTH_ACCESS: 169 nfsauth_access(&ap->areq, &rp->ares); 170 rp->stat = NFSAUTH_DR_OKAY; 171 break; 172 default: 173 rp->stat = NFSAUTH_DR_BADCMD; 174 break; 175 } 176 177 encres: 178 /* 179 * Free space used to decode the args 180 */ 181 xdrs_a.x_op = XDR_FREE; 182 (void) xdr_varg(&xdrs_a, &varg); 183 xdr_destroy(&xdrs_a); 184 185 /* 186 * Encode the results before passing thru door. 187 * 188 * The result (nfsauth_res_t) is always two int's, so we don't 189 * have to dynamically size (or allocate) the results buffer. 190 */ 191 xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE); 192 if (!xdr_nfsauth_res(&xdrs_r, rp)) { 193 /* 194 * return only the status code 195 */ 196 rp->stat = NFSAUTH_DR_EFAIL; 197 rbsz = sizeof (uint_t); 198 *rbuf = (uint_t)rp->stat; 199 } 200 xdr_destroy(&xdrs_r); 201 202 (void) door_return((char *)rbuf, rbsz, NULL, 0); 203 (void) door_return(NULL, 0, NULL, 0); 204 /* NOTREACHED */ 205 } 206