1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright (c) 1997-2000, by Sun Microsystems Inc.
24  * All rights reserved.
25  */
26 
27 #pragma	ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * svc_auth_loopb.c
31  * Handles the loopback UNIX flavor authentication parameters on the
32  * service side of rpc.
33  */
34 
35 #include <stdio.h>
36 #include <rpc/rpc.h>
37 #include <syslog.h>
38 #include <sys/types.h>
39 
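/*
 * Loopback system (Unix) longhand authenticator.
 *
 * Decodes the credential body carried in msg->rm_call.cb_cred into the
 * authsys_parms stored at rqst->rq_clntcred, then installs an empty
 * AUTH_NULL verifier on the transport.
 *
 * The credential bytes and every length field inside them come from the
 * RPC call message, so each length is checked against auth_len BEFORE
 * the bytes it describes are read.  Validating only after the copy would
 * let a short credential with large embedded lengths read past
 * oa_base + oa_length.
 *
 * Returns AUTH_OK on success, AUTH_BADCRED for an empty, malformed or
 * internally inconsistent credential.
 */
enum auth_stat
__svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	struct authsys_parms *aup;
	rpc_inline_t *buf;
	struct area {
		struct authsys_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		gid_t area_gids[NGRPS_LOOPBACK];
	} *area;
	size_t auth_len;
	size_t name_len;		/* machine name length as sent */
	size_t str_len = 0;		/* machine name length, XDR padded */
	size_t gid_len = 0;
	size_t i;

	/*
	 * NOTE(review): assumes rq_clntcred points at storage of at least
	 * sizeof (struct area); the allocation is not visible in this file.
	 */
	area = (struct area *)rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (size_t)msg->rm_call.cb_cred.oa_length;
	/* Nothing has been created yet, so return without XDR_DESTROY. */
	if (auth_len == 0)
		return (AUTH_BADCRED);
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * Anything shorter cannot hold the fixed fields read below.
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT)
			goto badlen;
		aup->aup_time = IXDR_GET_INT32(buf);
		name_len = IXDR_GET_U_INT32(buf);
		if (name_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * The padded name plus the five fixed words must fit in the
		 * credential before the name bytes are copied out.
		 */
		str_len = RNDUP(name_len);
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		(void) memcpy(aup->aup_machname, buf, name_len);
		aup->aup_machname[name_len] = 0;
		buf += str_len / sizeof (int);
		aup->aup_uid = IXDR_GET_INT32(buf);
		aup->aup_gid = IXDR_GET_INT32(buf);
		gid_len = IXDR_GET_U_INT32(buf);
		if (gid_len > NGRPS_LOOPBACK) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * Confirm the whole gid array lies inside the credential
		 * before reading it; gid_len is bounded above, so the
		 * arithmetic cannot wrap.
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf);
		}
	} else if (!xdr_authloopback_parms(&xdrs, aup)) {
		/*
		 * NOTE(review): aup_machname and aup_gids point into
		 * rq_clntcred rather than at separately allocated memory;
		 * confirm that the XDR_FREE pass of xdr_authloopback_parms
		 * does not try to release them.
		 */
		xdrs.x_op = XDR_FREE;
		(void) xdr_authloopback_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
	goto done;
badlen:
	/*
	 * Embedded lengths disagree with the credential length.  Fields not
	 * yet decoded when the mismatch was found are reported as 0.
	 */
#ifdef	KERNEL
	printf("bad auth_len gid %lu str %lu auth %lu",
	    (unsigned long)gid_len, (unsigned long)str_len,
	    (unsigned long)auth_len);
#else
	(void) syslog(LOG_ERR,
	    "bad auth_len gid %lu str %lu auth %lu",
	    (unsigned long)gid_len, (unsigned long)str_len,
	    (unsigned long)auth_len);
#endif
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}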
120