1/* 2 * Copyright (c) 2010 Apple Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of Apple Inc. ("Apple") nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * 30 * Portions of this software have been released under the following terms: 31 * 32 * (c) Copyright 1989-1993 OPEN SOFTWARE FOUNDATION, INC. 
33 * (c) Copyright 1989-1993 HEWLETT-PACKARD COMPANY 34 * (c) Copyright 1989-1993 DIGITAL EQUIPMENT CORPORATION 35 * 36 * To anyone who acknowledges that this file is provided "AS IS" 37 * without any express or implied warranty: 38 * permission to use, copy, modify, and distribute this file for any 39 * purpose is hereby granted without fee, provided that the above 40 * copyright notices and this notice appears in all source code copies, 41 * and that none of the names of Open Software Foundation, Inc., Hewlett- 42 * Packard Company or Digital Equipment Corporation be used 43 * in advertising or publicity pertaining to distribution of the software 44 * without specific, written prior permission. Neither Open Software 45 * Foundation, Inc., Hewlett-Packard Company nor Digital 46 * Equipment Corporation makes any representations about the suitability 47 * of this software for any purpose. 48 * 49 * Copyright (c) 2007, Novell, Inc. All rights reserved. 50 * Redistribution and use in source and binary forms, with or without 51 * modification, are permitted provided that the following conditions 52 * are met: 53 * 54 * 1. Redistributions of source code must retain the above copyright 55 * notice, this list of conditions and the following disclaimer. 56 * 2. Redistributions in binary form must reproduce the above copyright 57 * notice, this list of conditions and the following disclaimer in the 58 * documentation and/or other materials provided with the distribution. 59 * 3. Neither the name of Novell Inc. nor the names of its contributors 60 * may be used to endorse or promote products derived from this 61 * this software without specific prior written permission. 62 * 63 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 64 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 66 * DISCLAIMED. 
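IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
**
**  NAME
**
**      rpcdgcom.c
**
**  FACILITY:
**
**      Remote Procedure Call (RPC)
**
**  ABSTRACT:
**
**  The noauth DG authentication module.  Every hook below accepts the
**  packet or call unchanged; the only real work is the who-are-you
**  exchange, which still goes through sec_krb_dg_* with an authentication
**  level of "none".
**
*/

#include <noauthdg.h>

EXTERNAL int rpc_g_noauth_alloc_count;
EXTERNAL int rpc_g_noauth_free_count;

/*
 * Entry-point vector handed to the datagram runtime by rpc__noauth_dg_init.
 * The first three slots are the authentication protocol id, the per-packet
 * overhead and the block size (see the inline comments); the rest are the
 * callbacks defined in this file.
 */
INTERNAL rpc_dg_auth_epv_t rpc_g_noauth_dg_epv =
{
    rpc_c_authn_dce_dummy,      /* "3" */
    16,                         /* 10 bytes overhead, rounded up */
    8,                          /* 8 byte block */
    rpc__noauth_dg_create,
    rpc__noauth_dg_pre_call,
    rpc__noauth_dg_encrypt,
    rpc__noauth_dg_pre_send,
    rpc__noauth_dg_recv_ck,
    rpc__noauth_dg_who_are_you,
    rpc__noauth_dg_way_handler
};

/*
 * R P C _ _ N O A U T H _ D G _ E N C R Y P T
 *
 * Encryption hook.  noauth never encrypts, so the transmit element is
 * left untouched and the call always succeeds.
 *
 * info, xqe   ignored
 * st          set to rpc_s_ok
 */

PRIVATE void rpc__noauth_dg_encrypt
(
    rpc_auth_info_p_t info,
    rpc_dg_xmitq_elt_p_t xqe,
    unsigned32 *st
)
{
    *st = rpc_s_ok;
}

/*
 * R P C _ _ N O A U T H _ D G _ P R E _ S E N D
 *
 * Pre-send hook, invoked with the packet header, the iovec about to go out
 * and the checksum slot.  noauth has nothing to add to the packet, so all
 * of them are ignored and the call always succeeds.
 *
 * st          set to rpc_s_ok
 */

PRIVATE void rpc__noauth_dg_pre_send
(
    rpc_auth_info_p_t info,
    rpc_dg_xmitq_elt_p_t pkt,
    rpc_dg_pkt_hdr_p_t hdrp,
    rpc_socket_iovec_p_t iov,
    int iovlen,
    dce_pointer_t cksum,
    error_status_t *st
)
{
    *st = rpc_s_ok;
}

/*
 * R P C _ _ N O A U T H _ D G _ R E C V _ C K
 *
 * Receive-check hook.  noauth performs no integrity check on incoming
 * packets: the checksum slot is ignored and every packet is accepted.
 *
 * st          set to rpc_s_ok
 */

PRIVATE void rpc__noauth_dg_recv_ck
(
    rpc_auth_info_p_t info,
    rpc_dg_recvq_elt_p_t pkt,
    dce_pointer_t cksum,
    error_status_t *st
)
{
    *st = rpc_s_ok;
}

/*
 * R P C _ _ N O A U T H _ D G _ P R E _ C A L L
 *
 * Per-call setup hook.  noauth has no per-call state to establish, so
 * this only reports success.
 *
 * st          set to rpc_s_ok
 */

PRIVATE void rpc__noauth_dg_pre_call
(
    rpc_auth_info_p_t info,
    handle_t h,
    unsigned32 *st
)
{
    *st = rpc_s_ok;
}

/*
 * R P C _ _ N O A U T H _ D G _ W A Y _ H A N D L E R
 *
 * Answer a who-are-you callback.  The incoming challenge (in_data/in_len)
 * is not examined; a sec_krb message is built with authentication level
 * "none" and copied into out_data.
 *
 * out_data    receives the built message
 * out_max_len capacity of out_data in bytes
 * out_len     set to the number of bytes written (0 on any failure)
 * stp         rpc_s_ok, the poisoned status stored in the handle, the
 *             status from sec_krb_dg_build_message, or
 *             rpc_s_credentials_too_large when the message does not fit
 */

PRIVATE void rpc__noauth_dg_way_handler
(
    rpc_auth_info_p_t info,
    ndr_byte *in_data,
    signed32 in_len,
    signed32 out_max_len,
    ndr_byte *out_data,
    signed32 *out_len,
    unsigned32 *stp
)
{
    sec_krb_message message;
    error_status_t st;

    rpc_noauth_info_p_t noauth_info = (rpc_noauth_info_p_t)info;

    *out_len = 0;

    RPC_DBG_PRINTF(rpc_e_dbg_auth, 2, ("(rpc__noauth_dg_way_handler) %x called back\n", info));

    /* An earlier failure recorded in the handle is reported, not retried. */
    if (noauth_info->status != rpc_s_ok)
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way_handler) handle was poisoned with %x\n",
            noauth_info->status));
        *stp = noauth_info->status;
        return;
    }

    /* Start empty so the free below is safe even if the build fails. */
    message.data = 0;
    message.length = 0;

    st = sec_krb_dg_build_message (noauth_info->auth_info.u.auth_identity, 0, 0,
        rpc_c_authn_level_none, noauth_info->auth_info.authz_protocol,
        0, 0, 0, &message);

    if (st != rpc_s_ok)
        goto out;

    /*
     * out_max_len is signed; reject a negative capacity explicitly so the
     * comparison below never promotes it to a huge unsigned value.
     */
    if (out_max_len < 0 || message.length > out_max_len)
    {
        st = rpc_s_credentials_too_large;
        goto out;
    }

    memcpy(out_data, message.data, message.length);
    *out_len = message.length;
out:
    sec_krb_message_free(&message);
    *stp = st;
    return;
}

/*
 * R P C _ _ N O A U T H _ D G _ W H O _ A R E _ Y O U
 *
 * Issue challenge to client; decompose response and sanity-check it.
 *
 * The conv_who_are_you_auth callback is made with an empty challenge and
 * the reply is decoded with sec_krb_dg_decode_message, which fills in the
 * client name, PAC, credentials, authn level and authz protocol of the
 * handle.  The reply length reported by the remote side is checked
 * against the local buffer before it is trusted.
 *
 * stp         status of the callback, rpc_s_credentials_too_large if the
 *             reply does not fit the local buffer, else the decode status
 */

PRIVATE void rpc__noauth_dg_who_are_you
(
    rpc_auth_info_p_t info,
    handle_t h,
    idl_uuid_t *actuid,
    unsigned32 boot_time,
    unsigned32 *seq,
    idl_uuid_t *cas_uuid,
    unsigned32 *stp
)
{
    rpc_noauth_info_p_t noauth_info = (rpc_noauth_info_p_t)info;
    unsigned char inbuf[12];                /* XXX size */
    unsigned char outbuf[1000];             /* XXX size */
    unsigned_char_p_t server;               /* NOTE(review): ownership of this output is not shown here -- confirm whether it must be freed */
    signed32 outlen = 0;
    sec_krb_message message;
    unsigned32 st;

    /* XXX set up exception handler here around remote call? */
    RPC_DBG_PRINTF(rpc_e_dbg_auth, 2, ("(rpc__noauth_dg_way) %x doing callback\n", info));

    /* do call; in_len of 0 means no challenge bytes are sent */
    (*conv_v3_0_c_epv.conv_who_are_you_auth)
        (h, actuid, boot_time, inbuf, 0, sizeof(outbuf),
         seq, cas_uuid, outbuf, &outlen, stp);

    st = *stp;
    if (st != rpc_s_ok)
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way) conv_who_are_you_auth failed, st %x\n", st));
        return;
    }

    /*
     * outlen is whatever the peer's reply claimed.  Refuse a length that
     * does not fit outbuf instead of letting the decoder read past it.
     */
    if (outlen < 0 || (unsigned32) outlen > sizeof(outbuf))
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way) reply length %ld exceeds buffer\n", (long) outlen));
        *stp = rpc_s_credentials_too_large;
        return;
    }

    /* message only aliases outbuf here, so it is not freed. */
    message.data = outbuf;
    message.length = outlen;

    *stp = sec_krb_dg_decode_message (&message, 0,
        &noauth_info->client_name,
        &noauth_info->client_pac,
        &noauth_info->client_creds,     /* FAKE-EPAC */
        &server,
        &noauth_info->auth_info.authn_level,
        &noauth_info->auth_info.authz_protocol,
        0, 0, 0, 0);
}

/*
 * R P C _ _ N O A U T H _ D G _ C R E A T E
 *
 * Allocate and initialise a server-side noauth auth_info.  The block is
 * zeroed, its mutex initialised, the refcount set to 1 and the protocol
 * fields set to rpc_c_authn_dce_dummy / rpc_c_authz_name.  The client
 * fields stay invalid until rpc__noauth_dg_who_are_you fills them in.
 *
 * stp         set to rpc_s_ok
 * returns     the new auth_info, cast to the generic type; the caller
 *             owns the reference
 */

PRIVATE rpc_auth_info_p_t rpc__noauth_dg_create
(
    unsigned32 *stp
)
{
    rpc_noauth_info_p_t noauth_info;

    /*
     * NOTE(review): the result of RPC_MEM_ALLOC is not checked; presumably
     * RPC_C_MEM_WAITOK means it does not return NULL -- confirm.
     */
    RPC_MEM_ALLOC (noauth_info, rpc_noauth_info_p_t, sizeof (*noauth_info), RPC_C_MEM_UTIL, RPC_C_MEM_WAITOK);

    rpc_g_noauth_alloc_count++;
    RPC_DBG_PRINTF(rpc_e_dbg_auth, 1,
        ("(rpc__noauth_dg_create) %x created (now %d active)\n", noauth_info,
            rpc_g_noauth_alloc_count - rpc_g_noauth_free_count));

    memset (noauth_info, '\0', sizeof(*noauth_info));

    RPC_MUTEX_INIT(noauth_info->lock);

    noauth_info->creds_valid = 0;
    noauth_info->level_valid = 0;
    noauth_info->client_valid = 0;

    /*
     * fill in the common auth_info stuff.
     */

    noauth_info->auth_info.refcount = 1;
    noauth_info->auth_info.server_princ_name = 0;
    noauth_info->auth_info.authn_level = -1;    /* presumably "not yet known" until who_are_you sets it -- confirm */
    noauth_info->auth_info.authn_protocol = rpc_c_authn_dce_dummy;
    noauth_info->auth_info.authz_protocol = rpc_c_authz_name;
    noauth_info->auth_info.is_server = 1;
    noauth_info->auth_info.u.s.privs = 0;
    {   /* FAKE-EPAC */
        noauth_info->auth_info.u.s.creds = 0;
    }

    /* XXX do other initialization here. */
    *stp = rpc_s_ok;
    return (rpc_auth_info_p_t) noauth_info;
}

/*
 * R P C _ _ N O A U T H _ D G _ I N I T
 *
 * Tell the datagram runtime about the noauth module.
 *
 * epv         receives a pointer to rpc_g_noauth_dg_epv
 * st          set to rpc_s_ok
 * returns     RPC_C_PROTOCOL_ID_NCADG, the protocol this vector serves
 */

PRIVATE rpc_protocol_id_t rpc__noauth_dg_init
(
    rpc_auth_rpc_prot_epv_p_t *epv,
    unsigned32 *st
)
{
    *epv = (rpc_auth_rpc_prot_epv_p_t) (&rpc_g_noauth_dg_epv);
    *st = rpc_s_ok;
    return (RPC_C_PROTOCOL_ID_NCADG);
}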