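/*-
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char *sccsid2 = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)svc_auth_unix.c 2.3 88/08/01 4.0 RPCSRC";
#endif
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: stable/10/lib/libc/rpc/svc_auth_unix.c 309487 2016-12-03 17:27:28Z ngie $");

/*
 * svc_auth_unix.c
 * Handles UNIX flavor authentication parameters on the service side of rpc.
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
 * _svcauth_unix does full blown unix style uid,gid+gids auth,
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
 * Note: the shorthand has been gutted for efficiency.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */

#include "namespace.h"
#include <assert.h>
#include <stdio.h>
#include <string.h>

#include <rpc/rpc.h>
#include "un-namespace.h"

/*
 * Unix longhand authenticator
 *
 * Decodes the AUTH_UNIX credential carried in msg->rm_call.cb_cred into the
 * scratch area behind rqst->rq_clntcred (timestamp, machine name, uid, gid
 * and supplementary gids) and records the call's verifier on the transport.
 *
 * Returns AUTH_OK when the credential decodes and its self-described lengths
 * fit inside oa_length, AUTH_BADCRED otherwise.
 *
 * Every field decoded here comes from the peer.  Nothing in this function
 * checks the uid/gid values themselves, and the verifier is copied as
 * received rather than validated; the function only parses the credential.
 *
 * NOTE(review): the size of the buffers behind oa_base and rq_clntcred is
 * chosen by the caller and is not visible in this file.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	struct authunix_parms *aup;
	int32_t *buf;
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		u_int area_gids[NGRPS];
	} *area;
	u_int auth_len;
	size_t str_len, gid_len;
	u_int i;

	assert(rqst != NULL);
	assert(msg != NULL);

	/* Point the decoded credential at the storage laid out in 'area'. */
	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * Inline fast path.  Each length taken from the wire is
		 * compared against auth_len before the bytes it describes
		 * are read, so decoding never consumes data past the
		 * credential's stated length.  The set of credentials that
		 * is accepted is the same as with a single check at the end.
		 *
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* IXDR_GET_* reads one XDR unit and advances buf. */
		aup->aup_time = IXDR_GET_INT32(buf);
		str_len = (size_t)IXDR_GET_U_INT32(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* The padded name plus the five fixed words must fit. */
		if (5 * BYTES_PER_XDR_UNIT + RNDUP(str_len) > auth_len) {
			stat = AUTH_BADCRED;
			goto done;
		}
		memmove(aup->aup_machname, buf, str_len);
		aup->aup_machname[str_len] = 0;
		/* Skip the name including its XDR padding. */
		str_len = RNDUP(str_len);
		buf += str_len / sizeof (int32_t);
		aup->aup_uid = (int)IXDR_GET_INT32(buf);
		aup->aup_gid = (int)IXDR_GET_INT32(buf);
		gid_len = (size_t)IXDR_GET_U_INT32(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* Whole credential, gid list included, must fit. */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			(void) printf("bad auth_len gid %ld str %ld auth %u\n",
			    (long)gid_len, (long)str_len, auth_len);
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = (int)IXDR_GET_INT32(buf);
		}
	} else if (! xdr_authunix_parms(&xdrs, aup)) {
		/*
		 * Inline access was not available and the generic decoder
		 * failed: run it again in XDR_FREE mode to release whatever
		 * it may have allocated before rejecting the credential.
		 */
		xdrs.x_op = XDR_FREE;
		(void)xdr_authunix_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}

	/* get the verifier */
	if ((u_int)msg->rm_call.cb_verf.oa_length) {
		rqst->rq_xprt->xp_verf.oa_flavor =
		    msg->rm_call.cb_verf.oa_flavor;
		rqst->rq_xprt->xp_verf.oa_base =
		    msg->rm_call.cb_verf.oa_base;
		rqst->rq_xprt->xp_verf.oa_length =
		    msg->rm_call.cb_verf.oa_length;
	} else {
		rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
		rqst->rq_xprt->xp_verf.oa_length = 0;
	}
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}


/*
 * Shorthand unix authenticator
 * Looks up longhand in a cache.
 *
 * No lookup is performed in this implementation: both arguments are ignored
 * and every AUTH_SHORT credential is answered with AUTH_REJECTEDCRED.
 */
/*ARGSUSED*/
enum auth_stat
_svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
{
	return (AUTH_REJECTEDCRED);
}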