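/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
/*
 * auth_none.c
 * Creates a client authentication handle for passing "null"
 * credentials and verifiers to remote systems.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */

/*
 * Modified from auth_none.c to expect a reply verifier of "STARTTLS"
 * for the RPC-over-TLS STARTTLS command.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <rpc/rpcsec_tls.h>

/*
 * Size of the buffer holding the pre-marshalled credential and verifier.
 * Both opaque_auth structures encoded here have empty bodies, so the
 * encoding is expected to be well under this size; authtls_init() checks
 * that the encode actually succeeded rather than assuming it.
 */
#define MAX_MARSHAL_SIZE 20

/*
 * Authenticator operations routines
 */

static bool_t authtls_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
static void authtls_verf (AUTH *);
static bool_t authtls_validate (AUTH *, uint32_t, struct opaque_auth *,
    struct mbuf **);
static bool_t authtls_refresh (AUTH *, void *);
static void authtls_destroy (AUTH *);

static const struct auth_ops authtls_ops = {
	.ah_nextverf = authtls_verf,
	.ah_marshal = authtls_marshal,
	.ah_validate = authtls_validate,
	.ah_refresh = authtls_refresh,
	.ah_destroy = authtls_destroy,
};

/*
 * The single, statically allocated AUTH_TLS client handle together with
 * its pre-marshalled credential and verifier.  mclient/mcnt are written
 * once by authtls_init() and afterwards only read by authtls_marshal().
 */
struct authtls_private {
	AUTH no_client;			/* handle returned by authtls_create() */
	char mclient[MAX_MARSHAL_SIZE];	/* XDR-encoded ah_cred then ah_verf */
	u_int mcnt;			/* number of valid bytes in mclient */
};

static struct authtls_private authtls_private;
static struct opaque_auth _tls_null_auth;	/* flavor AUTH_TLS, empty body */

/*
 * Build the singleton handle and XDR-encode its credential and verifier
 * once, at boot (registered via SYSINIT below).  The credential carries
 * flavor AUTH_TLS with an empty body; the verifier is the null verifier.
 * authtls_marshal() replays the encoded bytes verbatim on every call, so
 * a short or failed encode here would silently corrupt every STARTTLS
 * request -- the XDR results are therefore checked instead of ignored.
 *
 * dummy is the unused SYSINIT argument.
 */
static void
authtls_init(void *dummy)
{
	struct authtls_private *ap = &authtls_private;
	XDR xdrs;

	_tls_null_auth.oa_flavor = AUTH_TLS;
	_tls_null_auth.oa_base = NULL;
	_tls_null_auth.oa_length = 0;
	ap->no_client.ah_cred = _tls_null_auth;
	ap->no_client.ah_verf = _null_auth;
	ap->no_client.ah_ops = &authtls_ops;

	xdrmem_create(&xdrs, ap->mclient, MAX_MARSHAL_SIZE, XDR_ENCODE);
	/*
	 * Encoding into the fixed-size mclient buffer can only fail if
	 * MAX_MARSHAL_SIZE is too small.  That is a build-time mistake, not
	 * a runtime condition, so treat it as fatal at init rather than let
	 * a truncated credential reach the wire.
	 */
	if (!xdr_opaque_auth(&xdrs, &ap->no_client.ah_cred) ||
	    !xdr_opaque_auth(&xdrs, &ap->no_client.ah_verf))
		panic("authtls_init: cannot marshal AUTH_TLS credentials");
	ap->mcnt = XDR_GETPOS(&xdrs);
	XDR_DESTROY(&xdrs);
}
SYSINIT(authtls_init, SI_SUB_KMEM, SI_ORDER_ANY, authtls_init, NULL);

/*
 * Return the shared AUTH_TLS client handle.  There is exactly one; it is
 * statically allocated and not modified after authtls_init(), so callers
 * must never free it (authtls_destroy() is accordingly a no-op).
 */
AUTH *
authtls_create(void)
{

	return (&authtls_private.no_client);
}

/*
 * Emit the credential and verifier for an outgoing call.  The bytes were
 * XDR-encoded once in authtls_init(), so this is a straight copy, after
 * which the caller's argument mbuf chain is appended to the message.
 *
 * client and xid are unused: the handle is a singleton and the encoding
 * does not depend on the transaction.  Returns FALSE if XDR_PUTBYTES
 * rejects the bytes, TRUE otherwise.
 */
/*ARGSUSED*/
static bool_t
authtls_marshal(AUTH *client, uint32_t xid, XDR *xdrs, struct mbuf *args)
{
	struct authtls_private *ap = &authtls_private;

	KASSERT(xdrs != NULL, ("authtls_marshal: xdrs is null"));

	if (!XDR_PUTBYTES(xdrs, ap->mclient, ap->mcnt))
		return (FALSE);

	xdrmbuf_append(xdrs, args);

	return (TRUE);
}

/* All these unused parameters are required to keep ANSI-C from grumbling */
/*
 * Advance to the next verifier.  Nothing to do: the verifier is fixed
 * at init and never changes.
 */
/*ARGSUSED*/
static void
authtls_verf(AUTH *client)
{
}

/*
 * Check the verifier in the server's reply.  For the STARTTLS command the
 * server is expected to answer with a verifier whose body is exactly
 * RPCTLS_START_STRING; a body of any other length or content means the
 * peer did not confirm the TLS upgrade and the reply is rejected.
 *
 * Only the body length and bytes are compared; oa_flavor is not
 * inspected.  A NULL opaque is accepted as valid, as in the original
 * code -- NOTE(review): presumably the RPC client code always passes a
 * pointer to the decoded reply verifier, so the NULL branch is defensive
 * only; confirm against the callers before relying on it.
 *
 * Returns TRUE when the verifier matches, FALSE otherwise.  client, xid
 * and the reply mbuf (mrepp) are not used or modified.
 */
/*ARGSUSED*/
static bool_t
authtls_validate(AUTH *client, uint32_t xid, struct opaque_auth *opaque,
    struct mbuf **mrepp)
{
	size_t strsiz;

	strsiz = strlen(RPCTLS_START_STRING);
	/*
	 * The verifier must be the string RPCTLS_START_STRING.  The length
	 * is compared first so memcmp() only reads strsiz bytes when the
	 * body is known to be exactly that long (assumes oa_base is valid
	 * for oa_length bytes, which the XDR decoder should guarantee).
	 */
	if (opaque != NULL &&
	    (opaque->oa_length != strsiz || memcmp(opaque->oa_base,
	    RPCTLS_START_STRING, strsiz) != 0))
		return (FALSE);
	return (TRUE);
}

/*
 * Refresh credentials after a rejection.  There is nothing to refresh
 * for AUTH_TLS, so always report FALSE (presumably telling the client
 * not to retry the call with new credentials).  client and dummy are
 * unused.
 */
/*ARGSUSED*/
static bool_t
authtls_refresh(AUTH *client, void *dummy)
{

	return (FALSE);
}

/*
 * Destroy the handle.  A no-op: the handle is static storage owned by
 * this file, never allocated per caller.
 */
/*ARGSUSED*/
static void
authtls_destroy(AUTH *client)
{
}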