/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 * auth_none.c
 * Creates a client authentication handle for passing "null"
 * credentials and verifiers to remote systems.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */

/*
 * Modified from auth_none.c to expect a reply verifier of "STARTTLS"
 * for the RPC-over-TLS STARTTLS command.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <rpc/rpcsec_tls.h>

/* Room for the pre-encoded credential + verifier built in authtls_init(). */
#define MAX_MARSHAL_SIZE 20

/*
 * Authenticator operations routines
 */

static bool_t authtls_marshal(AUTH *, uint32_t, XDR *, struct mbuf *);
static void authtls_verf(AUTH *);
static bool_t authtls_validate(AUTH *, uint32_t, struct opaque_auth *,
    struct mbuf **);
static bool_t authtls_refresh(AUTH *, void *);
static void authtls_destroy(AUTH *);

static struct auth_ops authtls_ops = {
	.ah_nextverf = authtls_verf,
	.ah_marshal = authtls_marshal,
	.ah_validate = authtls_validate,
	.ah_refresh = authtls_refresh,
	.ah_destroy = authtls_destroy,
};

/*
 * State for the single AUTH_TLS handle.  Every caller of authtls_create()
 * receives the same no_client; mclient holds the XDR encoding of its
 * credential and verifier and mcnt the number of bytes actually used.
 */
struct authtls_private {
	AUTH	no_client;
	char	mclient[MAX_MARSHAL_SIZE];
	u_int	mcnt;
};

static struct authtls_private authtls_state;
static struct opaque_auth _tls_null_auth;

/*
 * Build the shared AUTH_TLS handle and pre-encode its credential and verifier
 * once, so authtls_marshal() can copy bytes rather than run XDR per call.
 * Invoked once at boot through the SYSINIT below; "dummy" is unused.
 */
static void
authtls_init(void *dummy)
{
	struct authtls_private *priv = &authtls_state;
	XDR xdrs;

	/* The AUTH_TLS credential carries no body, only the flavor. */
	_tls_null_auth.oa_flavor = AUTH_TLS;
	_tls_null_auth.oa_base = NULL;
	_tls_null_auth.oa_length = 0;

	priv->no_client.ah_cred = _tls_null_auth;
	priv->no_client.ah_verf = _null_auth;
	priv->no_client.ah_ops = &authtls_ops;

	/*
	 * Encode credential first, verifier second.  The encode results are
	 * not checked; NOTE(review): this relies on both fitting within
	 * MAX_MARSHAL_SIZE -- confirm if the credential ever gains a body.
	 */
	xdrmem_create(&xdrs, priv->mclient, MAX_MARSHAL_SIZE, XDR_ENCODE);
	(void)xdr_opaque_auth(&xdrs, &priv->no_client.ah_cred);
	(void)xdr_opaque_auth(&xdrs, &priv->no_client.ah_verf);
	priv->mcnt = XDR_GETPOS(&xdrs);
	XDR_DESTROY(&xdrs);
}
SYSINIT(authtls_init, SI_SUB_KMEM, SI_ORDER_ANY, authtls_init, NULL);

/*
 * Hand out the shared AUTH_TLS handle.  It is a static singleton: the caller
 * does not own it and authtls_destroy() is deliberately a no-op.
 */
AUTH *
authtls_create(void)
{

	return (&authtls_state.no_client);
}

/*
 * Write the pre-encoded credential/verifier bytes into the call stream and
 * then append the argument mbuf chain.  Returns FALSE only when the stream
 * rejects the bytes; client and xid are unused.
 */
/*ARGSUSED*/
static bool_t
authtls_marshal(AUTH *client, uint32_t xid, XDR *xdrs, struct mbuf *args)
{
	struct authtls_private *priv = &authtls_state;

	KASSERT(xdrs != NULL, ("authtls_marshal: xdrs is null"));

	if (XDR_PUTBYTES(xdrs, priv->mclient, priv->mcnt) == FALSE)
		return (FALSE);
	xdrmbuf_append(xdrs, args);
	return (TRUE);
}

/*
 * AUTH_TLS has no per-call verifier to advance, so there is nothing to do.
 * The parameter exists only to satisfy the auth_ops signature.
 */
/* All these unused parameters are required to keep ANSI-C from grumbling */
/*ARGSUSED*/
static void
authtls_verf(AUTH *client)
{
}

/*
 * Check the reply verifier of the STARTTLS exchange: its body must be
 * exactly RPCTLS_START_STRING (same length, same bytes).  client, xid and
 * mrepp are unused.
 *
 * NOTE(review): a NULL opaque is accepted without any comparison; confirm
 * that every caller passes the decoded reply verifier rather than NULL.
 */
/*ARGSUSED*/
static bool_t
authtls_validate(AUTH *client, uint32_t xid, struct opaque_auth *opaque,
    struct mbuf **mrepp)
{
	size_t want = strlen(RPCTLS_START_STRING);

	if (opaque == NULL)
		return (TRUE);
	/* Length is compared first so memcmp() never reads past the body. */
	if (opaque->oa_length != want)
		return (FALSE);
	if (memcmp(opaque->oa_base, RPCTLS_START_STRING, want) != 0)
		return (FALSE);
	return (TRUE);
}

/*
 * The AUTH_TLS credential is static and cannot be refreshed; always report
 * failure so the caller does not retry.  Both parameters are unused.
 */
/*ARGSUSED*/
static bool_t
authtls_refresh(AUTH *client, void *dummy)
{

	return (FALSE);
}

/*
 * No-op: the handle returned by authtls_create() is a static singleton and
 * owns no allocated resources.
 */
/*ARGSUSED*/
static void
authtls_destroy(AUTH *client)
{
}