1/* $NetBSD: svc_auth.c,v 1.12 2000/07/06 03:10:35 christos Exp $ */
2
3/*
4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5 * unrestricted use provided that this legend is included on all tape
6 * media and as a part of the software program in whole or part. Users
7 * may copy or modify Sun RPC without charge, but are not authorized
8 * to license or distribute it to anyone else except as part of a product or
9 * program developed by the user.
10 *
11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14 *
15 * Sun RPC is provided with no support and without any obligation on the
16 * part of Sun Microsystems, Inc. to assist in its use, correction,
17 * modification or enhancement.
18 *
19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21 * OR ANY PART THEREOF.
22 *
23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24 * or profits or other special, indirect and consequential damages, even if
25 * Sun has been advised of the possibility of such damages.
26 *
27 * Sun Microsystems, Inc.
28 * 2550 Garcia Avenue
29 * Mountain View, California 94043
30 */
31/*
32 * Copyright (c) 1986-1991 by Sun Microsystems Inc.
33 */
34
35/* #ident "@(#)svc_auth.c 1.16 94/04/24 SMI" */
36
37#if 0
38#if !defined(lint) && defined(SCCSIDS)
39static char sccsid[] = "@(#)svc_auth.c 1.26 89/02/07 Copyr 1984 Sun Micro";
40static const char rcsid[] = "$FreeBSD: head/lib/libc/rpc/svc_auth.c 74462 2001-03-19 12:50:13Z alfred $";
41#endif
42#endif
43
44/*
45 * svc_auth.c, Server-side rpc authenticator interface.
46 *
47 */
48
49#include "reentrant.h"
50#include "namespace.h"
51#include <sys/types.h>
52#include <rpc/rpc.h>
53#include <stdlib.h>
54#include "un-namespace.h"
55
56/*
57 * svcauthsw is the bdevsw of server side authentication.
58 *
59 * Server side authenticators are called from authenticate by
60 * using the client auth struct flavor field to index into svcauthsw.
61 * The server auth flavors must implement a routine that looks
62 * like:
63 *
64 * enum auth_stat
65 * flavorx_auth(rqst, msg)
66 * struct svc_req *rqst;
67 * struct rpc_msg *msg;
68 *
69 */
70
71/* declarations to allow servers to specify new authentication flavors */
72struct authsvc {
73 int flavor;
74 enum auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
75 struct authsvc *next;
76};
77static struct authsvc *Auths = NULL;
78
79/*
80 * The call rpc message, msg has been obtained from the wire. The msg contains
81 * the raw form of credentials and verifiers. authenticate returns AUTH_OK
82 * if the msg is successfully authenticated. If AUTH_OK then the routine also
83 * does the following things:
84 * set rqst->rq_xprt->verf to the appropriate response verifier;
85 * sets rqst->rq_client_cred to the "cooked" form of the credentials.
86 *
87 * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
88 * its length is set appropriately.
89 *
90 * The caller still owns and is responsible for msg->u.cmb.cred and
91 * msg->u.cmb.verf. The authentication system retains ownership of
92 * rqst->rq_client_cred, the cooked credentials.
93 *
94 * There is an assumption that any flavour less than AUTH_NULL is
95 * invalid.
96 */
97enum auth_stat
98_authenticate(rqst, msg)
99 struct svc_req *rqst;
100 struct rpc_msg *msg;
101{
102 int cred_flavor;
103 struct authsvc *asp;
104 enum auth_stat dummy;
105 extern mutex_t authsvc_lock;
106
107/* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
108
109 rqst->rq_cred = msg->rm_call.cb_cred;
110 rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
111 rqst->rq_xprt->xp_verf.oa_length = 0;
112 cred_flavor = rqst->rq_cred.oa_flavor;
113 switch (cred_flavor) {
114 case AUTH_NULL:
115 dummy = _svcauth_null(rqst, msg);
116 return (dummy);
117 case AUTH_SYS:
118 dummy = _svcauth_unix(rqst, msg);
119 return (dummy);
120 case AUTH_SHORT:
121 dummy = _svcauth_short(rqst, msg);
122 return (dummy);
123#ifdef DES_BUILTIN
124 case AUTH_DES:
125 dummy = _svcauth_des(rqst, msg);
126 return (dummy);
127#endif
128 default:
129 break;
130 }
131
132 /* flavor doesn't match any of the builtin types, so try new ones */
133 mutex_lock(&authsvc_lock);
134 for (asp = Auths; asp; asp = asp->next) {
135 if (asp->flavor == cred_flavor) {
136 enum auth_stat as;
137
138 as = (*asp->handler)(rqst, msg);
139 mutex_unlock(&authsvc_lock);
140 return (as);
141 }
142 }
143 mutex_unlock(&authsvc_lock);
144
145 return (AUTH_REJECTEDCRED);
146}
147
148/*ARGSUSED*/
149enum auth_stat
150_svcauth_null(rqst, msg)
151 struct svc_req *rqst;
152 struct rpc_msg *msg;
153{
154 return (AUTH_OK);
155}
156
157/*
158 * Allow the rpc service to register new authentication types that it is
159 * prepared to handle. When an authentication flavor is registered,
160 * the flavor is checked against already registered values. If not
161 * registered, then a new Auths entry is added on the list.
162 *
163 * There is no provision to delete a registration once registered.
164 *
165 * This routine returns:
166 * 0 if registration successful
167 * 1 if flavor already registered
168 * -1 if can't register (errno set)
169 */
170
171int
172svc_auth_reg(cred_flavor, handler)
173 int cred_flavor;
174 enum auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
175{
176 struct authsvc *asp;
177 extern mutex_t authsvc_lock;
178
179 switch (cred_flavor) {
180 case AUTH_NULL:
181 case AUTH_SYS:
182 case AUTH_SHORT:
183#ifdef DES_BUILTIN
184 case AUTH_DES:
185#endif
186 /* already registered */
187 return (1);
188
189 default:
190 mutex_lock(&authsvc_lock);
191 for (asp = Auths; asp; asp = asp->next) {
192 if (asp->flavor == cred_flavor) {
193 /* already registered */
194 mutex_unlock(&authsvc_lock);
195 return (1);
196 }
197 }
198
199 /* this is a new one, so go ahead and register it */
200 asp = mem_alloc(sizeof (*asp));
201 if (asp == NULL) {
202 mutex_unlock(&authsvc_lock);
203 return (-1);
204 }
205 asp->flavor = cred_flavor;
206 asp->handler = handler;
207 asp->next = Auths;
208 Auths = asp;
209 mutex_unlock(&authsvc_lock);
210 break;
211 }
212 return (0);
213}
2
3/*
4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5 * unrestricted use provided that this legend is included on all tape
6 * media and as a part of the software program in whole or part. Users
7 * may copy or modify Sun RPC without charge, but are not authorized
8 * to license or distribute it to anyone else except as part of a product or
9 * program developed by the user.
10 *
11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14 *
15 * Sun RPC is provided with no support and without any obligation on the
16 * part of Sun Microsystems, Inc. to assist in its use, correction,
17 * modification or enhancement.
18 *
19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21 * OR ANY PART THEREOF.
22 *
23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24 * or profits or other special, indirect and consequential damages, even if
25 * Sun has been advised of the possibility of such damages.
26 *
27 * Sun Microsystems, Inc.
28 * 2550 Garcia Avenue
29 * Mountain View, California 94043
30 */
31/*
32 * Copyright (c) 1986-1991 by Sun Microsystems Inc.
33 */
34
35/* #ident "@(#)svc_auth.c 1.16 94/04/24 SMI" */
36
37#if 0
38#if !defined(lint) && defined(SCCSIDS)
39static char sccsid[] = "@(#)svc_auth.c 1.26 89/02/07 Copyr 1984 Sun Micro";
40static const char rcsid[] = "$FreeBSD: head/lib/libc/rpc/svc_auth.c 74462 2001-03-19 12:50:13Z alfred $";
41#endif
42#endif
43
44/*
45 * svc_auth.c, Server-side rpc authenticator interface.
46 *
47 */
48
49#include "reentrant.h"
50#include "namespace.h"
51#include <sys/types.h>
52#include <rpc/rpc.h>
53#include <stdlib.h>
54#include "un-namespace.h"
55
56/*
57 * svcauthsw is the bdevsw of server side authentication.
58 *
59 * Server side authenticators are called from authenticate by
60 * using the client auth struct flavor field to index into svcauthsw.
61 * The server auth flavors must implement a routine that looks
62 * like:
63 *
64 * enum auth_stat
65 * flavorx_auth(rqst, msg)
66 * struct svc_req *rqst;
67 * struct rpc_msg *msg;
68 *
69 */
70
71/* declarations to allow servers to specify new authentication flavors */
72struct authsvc {
73 int flavor;
74 enum auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
75 struct authsvc *next;
76};
77static struct authsvc *Auths = NULL;
78
79/*
80 * The call rpc message, msg has been obtained from the wire. The msg contains
81 * the raw form of credentials and verifiers. authenticate returns AUTH_OK
82 * if the msg is successfully authenticated. If AUTH_OK then the routine also
83 * does the following things:
84 * set rqst->rq_xprt->verf to the appropriate response verifier;
85 * sets rqst->rq_client_cred to the "cooked" form of the credentials.
86 *
87 * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
88 * its length is set appropriately.
89 *
90 * The caller still owns and is responsible for msg->u.cmb.cred and
91 * msg->u.cmb.verf. The authentication system retains ownership of
92 * rqst->rq_client_cred, the cooked credentials.
93 *
94 * There is an assumption that any flavour less than AUTH_NULL is
95 * invalid.
96 */
97enum auth_stat
98_authenticate(rqst, msg)
99 struct svc_req *rqst;
100 struct rpc_msg *msg;
101{
102 int cred_flavor;
103 struct authsvc *asp;
104 enum auth_stat dummy;
105 extern mutex_t authsvc_lock;
106
107/* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
108
109 rqst->rq_cred = msg->rm_call.cb_cred;
110 rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
111 rqst->rq_xprt->xp_verf.oa_length = 0;
112 cred_flavor = rqst->rq_cred.oa_flavor;
113 switch (cred_flavor) {
114 case AUTH_NULL:
115 dummy = _svcauth_null(rqst, msg);
116 return (dummy);
117 case AUTH_SYS:
118 dummy = _svcauth_unix(rqst, msg);
119 return (dummy);
120 case AUTH_SHORT:
121 dummy = _svcauth_short(rqst, msg);
122 return (dummy);
123#ifdef DES_BUILTIN
124 case AUTH_DES:
125 dummy = _svcauth_des(rqst, msg);
126 return (dummy);
127#endif
128 default:
129 break;
130 }
131
132 /* flavor doesn't match any of the builtin types, so try new ones */
133 mutex_lock(&authsvc_lock);
134 for (asp = Auths; asp; asp = asp->next) {
135 if (asp->flavor == cred_flavor) {
136 enum auth_stat as;
137
138 as = (*asp->handler)(rqst, msg);
139 mutex_unlock(&authsvc_lock);
140 return (as);
141 }
142 }
143 mutex_unlock(&authsvc_lock);
144
145 return (AUTH_REJECTEDCRED);
146}
147
148/*ARGSUSED*/
149enum auth_stat
150_svcauth_null(rqst, msg)
151 struct svc_req *rqst;
152 struct rpc_msg *msg;
153{
154 return (AUTH_OK);
155}
156
157/*
158 * Allow the rpc service to register new authentication types that it is
159 * prepared to handle. When an authentication flavor is registered,
160 * the flavor is checked against already registered values. If not
161 * registered, then a new Auths entry is added on the list.
162 *
163 * There is no provision to delete a registration once registered.
164 *
165 * This routine returns:
166 * 0 if registration successful
167 * 1 if flavor already registered
168 * -1 if can't register (errno set)
169 */
170
171int
172svc_auth_reg(cred_flavor, handler)
173 int cred_flavor;
174 enum auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
175{
176 struct authsvc *asp;
177 extern mutex_t authsvc_lock;
178
179 switch (cred_flavor) {
180 case AUTH_NULL:
181 case AUTH_SYS:
182 case AUTH_SHORT:
183#ifdef DES_BUILTIN
184 case AUTH_DES:
185#endif
186 /* already registered */
187 return (1);
188
189 default:
190 mutex_lock(&authsvc_lock);
191 for (asp = Auths; asp; asp = asp->next) {
192 if (asp->flavor == cred_flavor) {
193 /* already registered */
194 mutex_unlock(&authsvc_lock);
195 return (1);
196 }
197 }
198
199 /* this is a new one, so go ahead and register it */
200 asp = mem_alloc(sizeof (*asp));
201 if (asp == NULL) {
202 mutex_unlock(&authsvc_lock);
203 return (-1);
204 }
205 asp->flavor = cred_flavor;
206 asp->handler = handler;
207 asp->next = Auths;
208 Auths = asp;
209 mutex_unlock(&authsvc_lock);
210 break;
211 }
212 return (0);
213}