svc_auth_unix.c revision 258578
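/*-
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char *sccsid2 = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)svc_auth_unix.c 2.3 88/08/01 4.0 RPCSRC";
#endif
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: head/sys/rpc/svc_auth_unix.c 258578 2013-11-25 19:04:36Z hrs $");

/*
 * svc_auth_unix.c
 * Handles UNIX flavor authentication parameters on the service side of rpc.
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
 * _svcauth_unix does full blown unix style uid,gid+gids auth,
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
 * Note: the shorthand has been gutted for efficiency.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */

#include <sys/param.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/systm.h>
#include <sys/ucred.h>

#include <rpc/rpc.h>

#include <rpc/rpc_com.h>

/* Upper bounds accepted for the hostname length and the gid count. */
#define MAX_MACHINE_NAME 255
#define NGRPS 16

/*
 * Unix longhand authenticator
 *
 * Decodes the AUTH_UNIX credential of the call in `msg' into the
 * struct xucred that rqst->rq_clntcred points to, and sets rqst->rq_verf
 * to _null_auth on success.
 *
 * The uid and gids are copied from the request as they arrive; nothing in
 * this function verifies them, it only checks that the credential is
 * well formed.
 *
 * Returns AUTH_OK on success and AUTH_BADCRED when the credential is
 * malformed: hostname longer than MAX_MACHINE_NAME, more than NGRPS gids,
 * a body shorter than its own length fields claim, or a failed
 * xdr_authunix_parms() decode.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	int32_t *buf;
	uint32_t time;
	struct xucred *xcr;
	u_int auth_len;
	size_t str_len, gid_len;
	u_int i;

	/* Known values for the diagnostic below if we bail out early. */
	str_len = 0;
	gid_len = 0;

	xcr = rqst->rq_clntcred;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * buf was requested as auth_len bytes, so every read below
		 * is preceded by a check that it stays inside auth_len.
		 * Checking only after all fields have been fetched would
		 * let a short credential drive reads past its own end.
		 *
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if (5 * BYTES_PER_XDR_UNIT > auth_len)
			goto badlen;
		time = IXDR_GET_UINT32(buf);
		str_len = (size_t)IXDR_GET_UINT32(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		str_len = RNDUP(str_len);
		/* The hostname plus the three fixed words after it must fit. */
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		/* The hostname itself is skipped, not stored. */
		buf += str_len / sizeof (int32_t);
		xcr->cr_uid = IXDR_GET_UINT32(buf);
		xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
		gid_len = (size_t)IXDR_GET_UINT32(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* The gid array must fit as well before it is walked. */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		for (i = 0; i < gid_len; i++) {
			/*
			 * Slot 0 holds the primary gid, so supplementary
			 * gids start at 1; any that do not fit in
			 * cr_groups[] are stepped over and dropped.
			 */
			if (i + 1 < XU_NGROUPS)
				xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
			else
				buf++;
		}
		if (gid_len + 1 > XU_NGROUPS)
			xcr->cr_ngroups = XU_NGROUPS;
		else
			xcr->cr_ngroups = gid_len + 1;
	} else if (!xdr_authunix_parms(&xdrs, &time, xcr)) {
		/* No inline buffer: fall back to the generic XDR decoder. */
		stat = AUTH_BADCRED;
		goto done;
	}

	rqst->rq_verf = _null_auth;
	stat = AUTH_OK;
	goto done;

badlen:
	(void) printf("bad auth_len gid %ld str %ld auth %u\n",
	    (long)gid_len, (long)str_len, auth_len);
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);

	return (stat);
}


/*
 * Shorthand unix authenticator
 *
 * No cache lookup is performed here: every AUTH_SHORT credential is
 * rejected with AUTH_REJECTEDCRED and both arguments are ignored.
 */
/*ARGSUSED*/
enum auth_stat
_svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
{
	return (AUTH_REJECTEDCRED);
}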