1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <stdio.h> 30 #include <stdlib.h> 31 #include <sys/types.h> 32 #include <string.h> 33 #include <sys/param.h> 34 #include <sys/stat.h> 35 #include <sys/file.h> 36 #include <sys/time.h> 37 #include <sys/errno.h> 38 #include <rpcsvc/mount.h> 39 #include <sys/pathconf.h> 40 #include <sys/systeminfo.h> 41 #include <sys/utsname.h> 42 #include <arpa/inet.h> 43 #include <signal.h> 44 #include <syslog.h> 45 #include <locale.h> 46 #include <unistd.h> 47 #include <thread.h> 48 #include <netdir.h> 49 #include <nfs/auth.h> 50 #include <sharefs/share.h> 51 #include "../lib/sharetab.h" 52 #include "mountd.h" 53 54 static void 55 nfsauth_access(auth_req *argp, auth_res *result) 56 { 57 struct netconfig *nconf; 58 struct nd_hostservlist *clnames = NULL; 59 struct netbuf nbuf; 60 struct share *sh; 61 char tmp[MAXIPADDRLEN]; 62 char *host = NULL; 63 64 result->auth_perm = NFSAUTH_DENIED; 65 66 /* 67 * Convert the client's address to a hostname 68 */ 69 nconf = getnetconfigent(argp->req_netid); 70 if (nconf == NULL) { 71 syslog(LOG_ERR, "No netconfig entry for %s", argp->req_netid); 72 return; 73 } 74 75 nbuf.len = argp->req_client.n_len; 76 nbuf.buf = argp->req_client.n_bytes; 77 78 if (netdir_getbyaddr(nconf, &clnames, &nbuf)) { 79 host = &tmp[0]; 80 if (strcmp(nconf->nc_protofmly, NC_INET) == 0) { 81 struct sockaddr_in *sa; 82 83 /* LINTED pointer alignment */ 84 sa = (struct sockaddr_in *)nbuf.buf; 85 (void) inet_ntoa_r(sa->sin_addr, tmp); 86 } else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) { 87 struct sockaddr_in6 *sa; 88 /* LINTED pointer */ 89 sa = (struct sockaddr_in6 *)nbuf.buf; 90 (void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr, 91 tmp, INET6_ADDRSTRLEN); 92 } 93 clnames = anon_client(host); 94 } 95 96 /* 97 * Now find the export 98 */ 99 sh = findentry(argp->req_path); 100 if (sh == NULL) { 101 syslog(LOG_ERR, "%s not exported", argp->req_path); 102 goto done; 103 } 104 105 result->auth_perm = check_client(sh, &nbuf, clnames, argp->req_flavor); 106 107 sharefree(sh); 108 109 if (result->auth_perm == NFSAUTH_DENIED) { 110 syslog(LOG_ERR, "%s denied access to %s", 111 clnames->h_hostservs[0].h_host, argp->req_path); 112 } 113 114 done: 115 freenetconfigent(nconf); 116 if (clnames) 117 netdir_free(clnames, ND_HOSTSERVLIST); 118 } 119 120 void 121 nfsauth_func(void *cookie, char *dataptr, size_t arg_size, 122 door_desc_t *dp, uint_t n_desc) 123 124 { 125 nfsauth_arg_t *ap; 126 nfsauth_res_t res = {0}; 127 nfsauth_res_t *rp = &res; 128 XDR xdrs_a; 129 XDR xdrs_r; 130 caddr_t abuf = dataptr; 131 size_t absz = arg_size; 132 size_t rbsz = (size_t)(BYTES_PER_XDR_UNIT * 2); 133 char result[BYTES_PER_XDR_UNIT * 2]; 134 caddr_t rbuf = (caddr_t)&result; 135 varg_t varg = {0}; 136 137 /* 138 * Decode the inbound door data, so we can look at the cmd. 139 */ 140 xdrmem_create(&xdrs_a, abuf, absz, XDR_DECODE); 141 if (!xdr_varg(&xdrs_a, &varg)) { 142 /* 143 * If the arguments can't be decoded, bail. 144 */ 145 if (varg.vers == V_ERROR) 146 syslog(LOG_ERR, gettext("Arg version mismatch")); 147 res.stat = NFSAUTH_DR_DECERR; 148 goto encres; 149 } 150 151 /* 152 * Now set the args pointer to the proper version of the args 153 */ 154 switch (varg.vers) { 155 case V_PROTO: 156 ap = &varg.arg_u.arg; 157 break; 158 159 /* Additional arguments versions go here */ 160 161 default: 162 syslog(LOG_ERR, gettext("Invalid args version")); 163 goto encres; 164 } 165 166 /* 167 * Call the specified cmd 168 */ 169 switch (ap->cmd) { 170 case NFSAUTH_ACCESS: 171 nfsauth_access(&ap->areq, &rp->ares); 172 rp->stat = NFSAUTH_DR_OKAY; 173 break; 174 default: 175 rp->stat = NFSAUTH_DR_BADCMD; 176 break; 177 } 178 179 encres: 180 /* 181 * Free space used to decode the args 182 */ 183 xdrs_a.x_op = XDR_FREE; 184 (void) xdr_varg(&xdrs_a, &varg); 185 xdr_destroy(&xdrs_a); 186 187 /* 188 * Encode the results before passing thru door. 189 * 190 * The result (nfsauth_res_t) is always two int's, so we don't 191 * have to dynamically size (or allocate) the results buffer. 192 */ 193 xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE); 194 if (!xdr_nfsauth_res(&xdrs_r, rp)) { 195 /* 196 * return only the status code 197 */ 198 rp->stat = NFSAUTH_DR_EFAIL; 199 rbsz = sizeof (uint_t); 200 *rbuf = (uint_t)rp->stat; 201 } 202 xdr_destroy(&xdrs_r); 203 204 (void) door_return((char *)rbuf, rbsz, NULL, 0); 205 (void) door_return(NULL, 0, NULL, 0); 206 /* NOTREACHED */ 207 } 208