1/*	$NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $	*/
2
3/*-
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 * Copyright (c) 2009, Sun Microsystems, Inc.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions are met:
11 * - Redistributions of source code must retain the above copyright notice,
12 *   this list of conditions and the following disclaimer.
13 * - Redistributions in binary form must reproduce the above copyright notice,
14 *   this list of conditions and the following disclaimer in the documentation
15 *   and/or other materials provided with the distribution.
16 * - Neither the name of Sun Microsystems, Inc. nor the names of its
17 *   contributors may be used to endorse or promote products derived
18 *   from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33#if defined(LIBC_SCCS) && !defined(lint)
34static char *sccsid2 = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
35static char *sccsid = "@(#)auth_unix.c	2.2 88/08/01 4.0 RPCSRC";
36#endif
37#include <sys/cdefs.h>
38__FBSDID("$FreeBSD$");
39
40/*
41 * auth_unix.c, Implements UNIX style authentication parameters.
42 *
43 * Copyright (C) 1984, Sun Microsystems, Inc.
44 *
45 * The system is very weak.  The client uses no encryption for it's
46 * credentials and only sends null verifiers.  The server sends backs
47 * null verifiers or optionally a verifier that suggests a new short hand
48 * for the credentials.
49 *
50 */
51
52#include <sys/param.h>
53#include <sys/systm.h>
54#include <sys/hash.h>
55#include <sys/kernel.h>
56#include <sys/lock.h>
57#include <sys/malloc.h>
58#include <sys/pcpu.h>
59#include <sys/refcount.h>
60#include <sys/sx.h>
61#include <sys/ucred.h>
62
63#include <rpc/types.h>
64#include <rpc/xdr.h>
65#include <rpc/auth.h>
66#include <rpc/clnt.h>
67
68#include <rpc/rpc_com.h>
69
70/* auth_unix.c */
71static void authunix_nextverf (AUTH *);
72static bool_t authunix_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
73static bool_t authunix_validate (AUTH *, uint32_t, struct opaque_auth *,
74    struct mbuf **);
75static bool_t authunix_refresh (AUTH *, void *);
76static void authunix_destroy (AUTH *);
77static void marshal_new_auth (AUTH *);
78
79static struct auth_ops authunix_ops = {
80	.ah_nextverf =		authunix_nextverf,
81	.ah_marshal =		authunix_marshal,
82	.ah_validate =		authunix_validate,
83	.ah_refresh =		authunix_refresh,
84	.ah_destroy =		authunix_destroy,
85};
86
87/*
88 * This struct is pointed to by the ah_private field of an auth_handle.
89 */
90struct audata {
91	TAILQ_ENTRY(audata)	au_link;
92	TAILQ_ENTRY(audata)	au_alllink;
93	volatile u_int		au_refs;
94	struct xucred		au_xcred;
95	struct opaque_auth	au_origcred;	/* original credentials */
96	struct opaque_auth	au_shcred;	/* short hand cred */
97	u_long			au_shfaults;	/* short hand cache faults */
98	char			au_marshed[MAX_AUTH_BYTES];
99	u_int			au_mpos;	/* xdr pos at end of marshed */
100	AUTH			*au_auth;	/* link back to AUTH */
101};
102TAILQ_HEAD(audata_list, audata);
103#define	AUTH_PRIVATE(auth)	((struct audata *)auth->ah_private)
104
105#define AUTH_UNIX_HASH_SIZE	16
106#define AUTH_UNIX_MAX		256
107static struct audata_list auth_unix_cache[AUTH_UNIX_HASH_SIZE];
108static struct audata_list auth_unix_all;
109static struct sx auth_unix_lock;
110static int auth_unix_count;
111
112static void
113authunix_init(void *dummy)
114{
115	int i;
116
117	for (i = 0; i < AUTH_UNIX_HASH_SIZE; i++)
118		TAILQ_INIT(&auth_unix_cache[i]);
119	TAILQ_INIT(&auth_unix_all);
120	sx_init(&auth_unix_lock, "auth_unix_lock");
121}
122SYSINIT(authunix_init, SI_SUB_KMEM, SI_ORDER_ANY, authunix_init, NULL);
123
124/*
125 * Create a unix style authenticator.
126 * Returns an auth handle with the given stuff in it.
127 */
128AUTH *
129authunix_create(struct ucred *cred)
130{
131	uint32_t h, th;
132	struct xucred xcr;
133	char mymem[MAX_AUTH_BYTES];
134	XDR xdrs;
135	AUTH *auth;
136	struct audata *au, *tau;
137	struct timeval now;
138	uint32_t time;
139	int len;
140
141	if (auth_unix_count > AUTH_UNIX_MAX) {
142		while (auth_unix_count > AUTH_UNIX_MAX) {
143			sx_xlock(&auth_unix_lock);
144			tau = TAILQ_FIRST(&auth_unix_all);
145			th = HASHSTEP(HASHINIT, tau->au_xcred.cr_uid)
146				% AUTH_UNIX_HASH_SIZE;
147			TAILQ_REMOVE(&auth_unix_cache[th], tau, au_link);
148			TAILQ_REMOVE(&auth_unix_all, tau, au_alllink);
149			auth_unix_count--;
150			sx_xunlock(&auth_unix_lock);
151			AUTH_DESTROY(tau->au_auth);
152		}
153	}
154
155	/*
156	 * Hash the uid to see if we already have an AUTH with this cred.
157	 */
158	h = HASHSTEP(HASHINIT, cred->cr_uid) % AUTH_UNIX_HASH_SIZE;
159	cru2x(cred, &xcr);
160again:
161	sx_slock(&auth_unix_lock);
162	TAILQ_FOREACH(au, &auth_unix_cache[h], au_link) {
163		if (!memcmp(&xcr, &au->au_xcred, sizeof(xcr))) {
164			refcount_acquire(&au->au_refs);
165			if (sx_try_upgrade(&auth_unix_lock)) {
166				/*
167				 * Keep auth_unix_all LRU sorted.
168				 */
169				TAILQ_REMOVE(&auth_unix_all, au, au_alllink);
170				TAILQ_INSERT_TAIL(&auth_unix_all, au,
171				    au_alllink);
172				sx_xunlock(&auth_unix_lock);
173			} else {
174				sx_sunlock(&auth_unix_lock);
175			}
176			return (au->au_auth);
177		}
178	}
179
180	sx_sunlock(&auth_unix_lock);
181
182	/*
183	 * Allocate and set up auth handle
184	 */
185	au = NULL;
186	auth = mem_alloc(sizeof(*auth));
187	au = mem_alloc(sizeof(*au));
188	auth->ah_ops = &authunix_ops;
189	auth->ah_private = (caddr_t)au;
190	auth->ah_verf = au->au_shcred = _null_auth;
191	refcount_init(&au->au_refs, 1);
192	au->au_xcred = xcr;
193	au->au_shfaults = 0;
194	au->au_origcred.oa_base = NULL;
195	au->au_auth = auth;
196
197	getmicrotime(&now);
198	time = now.tv_sec;
199
200	/*
201	 * Serialize the parameters into origcred
202	 */
203	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
204	cru2x(cred, &xcr);
205	if (! xdr_authunix_parms(&xdrs, &time, &xcr))
206		panic("authunix_create: failed to encode creds");
207	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
208	au->au_origcred.oa_flavor = AUTH_UNIX;
209	au->au_origcred.oa_base = mem_alloc((u_int) len);
210	memcpy(au->au_origcred.oa_base, mymem, (size_t)len);
211
212	/*
213	 * set auth handle to reflect new cred.
214	 */
215	auth->ah_cred = au->au_origcred;
216	marshal_new_auth(auth);
217
218	sx_xlock(&auth_unix_lock);
219	TAILQ_FOREACH(tau, &auth_unix_cache[h], au_link) {
220		if (!memcmp(&xcr, &tau->au_xcred, sizeof(xcr))) {
221			/*
222			 * We lost a race to create the AUTH that
223			 * matches this cred.
224			 */
225			sx_xunlock(&auth_unix_lock);
226			AUTH_DESTROY(auth);
227			goto again;
228		}
229	}
230
231	auth_unix_count++;
232	TAILQ_INSERT_TAIL(&auth_unix_cache[h], au, au_link);
233	TAILQ_INSERT_TAIL(&auth_unix_all, au, au_alllink);
234	refcount_acquire(&au->au_refs);	/* one for the cache, one for user */
235	sx_xunlock(&auth_unix_lock);
236
237	return (auth);
238}
239
240/*
241 * authunix operations
242 */
243
244/* ARGSUSED */
245static void
246authunix_nextverf(AUTH *auth)
247{
248	/* no action necessary */
249}
250
251static bool_t
252authunix_marshal(AUTH *auth, uint32_t xid, XDR *xdrs, struct mbuf *args)
253{
254	struct audata *au;
255
256	au = AUTH_PRIVATE(auth);
257	if (!XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos))
258		return (FALSE);
259
260	xdrmbuf_append(xdrs, args);
261
262	return (TRUE);
263}
264
265static bool_t
266authunix_validate(AUTH *auth, uint32_t xid, struct opaque_auth *verf,
267    struct mbuf **mrepp)
268{
269	struct audata *au;
270	XDR txdrs;
271
272	if (!verf)
273		return (TRUE);
274
275	if (verf->oa_flavor == AUTH_SHORT) {
276		au = AUTH_PRIVATE(auth);
277		xdrmem_create(&txdrs, verf->oa_base, verf->oa_length,
278		    XDR_DECODE);
279
280		if (au->au_shcred.oa_base != NULL) {
281			mem_free(au->au_shcred.oa_base,
282			    au->au_shcred.oa_length);
283			au->au_shcred.oa_base = NULL;
284		}
285		if (xdr_opaque_auth(&txdrs, &au->au_shcred)) {
286			auth->ah_cred = au->au_shcred;
287		} else {
288			txdrs.x_op = XDR_FREE;
289			(void)xdr_opaque_auth(&txdrs, &au->au_shcred);
290			au->au_shcred.oa_base = NULL;
291			auth->ah_cred = au->au_origcred;
292		}
293		marshal_new_auth(auth);
294	}
295
296	return (TRUE);
297}
298
299static bool_t
300authunix_refresh(AUTH *auth, void *dummy)
301{
302	struct audata *au = AUTH_PRIVATE(auth);
303	struct xucred xcr;
304	uint32_t time;
305	struct timeval now;
306	XDR xdrs;
307	int stat;
308
309	if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
310		/* there is no hope.  Punt */
311		return (FALSE);
312	}
313	au->au_shfaults ++;
314
315	/* first deserialize the creds back into a struct ucred */
316	xdrmem_create(&xdrs, au->au_origcred.oa_base,
317	    au->au_origcred.oa_length, XDR_DECODE);
318	stat = xdr_authunix_parms(&xdrs, &time, &xcr);
319	if (! stat)
320		goto done;
321
322	/* update the time and serialize in place */
323	getmicrotime(&now);
324	time = now.tv_sec;
325	xdrs.x_op = XDR_ENCODE;
326	XDR_SETPOS(&xdrs, 0);
327
328	stat = xdr_authunix_parms(&xdrs, &time, &xcr);
329	if (! stat)
330		goto done;
331	auth->ah_cred = au->au_origcred;
332	marshal_new_auth(auth);
333done:
334	XDR_DESTROY(&xdrs);
335	return (stat);
336}
337
338static void
339authunix_destroy(AUTH *auth)
340{
341	struct audata *au;
342
343	au = AUTH_PRIVATE(auth);
344
345	if (!refcount_release(&au->au_refs))
346		return;
347
348	mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
349
350	if (au->au_shcred.oa_base != NULL)
351		mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length);
352
353	mem_free(auth->ah_private, sizeof(struct audata));
354
355	if (auth->ah_verf.oa_base != NULL)
356		mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
357
358	mem_free(auth, sizeof(*auth));
359}
360
361/*
362 * Marshals (pre-serializes) an auth struct.
363 * sets private data, au_marshed and au_mpos
364 */
365static void
366marshal_new_auth(AUTH *auth)
367{
368	XDR	xdr_stream;
369	XDR	*xdrs = &xdr_stream;
370	struct audata *au;
371
372	au = AUTH_PRIVATE(auth);
373	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
374	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
375	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf))))
376		printf("auth_none.c - Fatal marshalling problem");
377	else
378		au->au_mpos = XDR_GETPOS(xdrs);
379	XDR_DESTROY(xdrs);
380}
381