1/*
2 * Copyright (c) 2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1.  Redistributions of source code must retain the above copyright
11 *     notice, this list of conditions and the following disclaimer.
12 * 2.  Redistributions in binary form must reproduce the above copyright
13 *     notice, this list of conditions and the following disclaimer in the
14 *     documentation and/or other materials provided with the distribution.
15 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of its
16 *     contributors may be used to endorse or promote products derived from
17 *     this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 *
30 * Portions of this software have been released under the following terms:
31 *
32 * (c) Copyright 1989-1993 OPEN SOFTWARE FOUNDATION, INC.
33 * (c) Copyright 1989-1993 HEWLETT-PACKARD COMPANY
34 * (c) Copyright 1989-1993 DIGITAL EQUIPMENT CORPORATION
35 *
36 * To anyone who acknowledges that this file is provided "AS IS"
37 * without any express or implied warranty:
38 * permission to use, copy, modify, and distribute this file for any
39 * purpose is hereby granted without fee, provided that the above
40 * copyright notices and this notice appears in all source code copies,
41 * and that none of the names of Open Software Foundation, Inc., Hewlett-
42 * Packard Company or Digital Equipment Corporation be used
43 * in advertising or publicity pertaining to distribution of the software
44 * without specific, written prior permission.  Neither Open Software
45 * Foundation, Inc., Hewlett-Packard Company nor Digital
46 * Equipment Corporation makes any representations about the suitability
47 * of this software for any purpose.
48 *
49 * Copyright (c) 2007, Novell, Inc. All rights reserved.
50 * Redistribution and use in source and binary forms, with or without
51 * modification, are permitted provided that the following conditions
52 * are met:
53 *
54 * 1.  Redistributions of source code must retain the above copyright
55 *     notice, this list of conditions and the following disclaimer.
56 * 2.  Redistributions in binary form must reproduce the above copyright
57 *     notice, this list of conditions and the following disclaimer in the
58 *     documentation and/or other materials provided with the distribution.
59 * 3.  Neither the name of Novell Inc. nor the names of its contributors
60 *     may be used to endorse or promote products derived from this
61 *     this software without specific prior written permission.
62 *
63 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
64 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
66 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY
67 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
68 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
69 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
70 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
71 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
72 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
73 *
74 * @APPLE_LICENSE_HEADER_END@
75 */
76
77/*
78**
79**  NAME
80**
81**      rpcdgcom.c
82**
83**  FACILITY:
84**
85**      Remote Procedure Call (RPC)
86**
87**  ABSTRACT:
88**
89**  The noauth DG authentication module.
90**
91**
92*/
93
94#include <noauthdg.h>
95
/*
 * Live-object accounting for noauth info blocks.  rpc__noauth_dg_create
 * bumps rpc_g_noauth_alloc_count and reports (alloc - free) as the number
 * of active blocks; the free counter is presumably advanced by the matching
 * release path, which is not in this file -- confirm there.
 */
EXTERNAL int rpc_g_noauth_alloc_count;
EXTERNAL int rpc_g_noauth_free_count;
98
/*
 * Entry-point vector handed to the DG runtime by rpc__noauth_dg_init.
 * The initialiser is positional, so the slot order must match
 * rpc_dg_auth_epv_t exactly -- check the header before reordering.
 * The two numeric slots are the per-packet auth overhead and the block
 * size the runtime rounds user data up to.
 */
INTERNAL rpc_dg_auth_epv_t rpc_g_noauth_dg_epv =
{
    rpc_c_authn_dce_dummy,      /* "3" -- the authn protocol id this module answers to */
    16,                         /* 10 bytes overhead, rounded up */
    8,                          /* 8 byte block */
    rpc__noauth_dg_create,      /* allocate a server-side info block */
    rpc__noauth_dg_pre_call,    /* no-op: always rpc_s_ok */
    rpc__noauth_dg_encrypt,     /* no-op: data is sent in the clear */
    rpc__noauth_dg_pre_send,    /* no-op: no checksum is added */
    rpc__noauth_dg_recv_ck,     /* no-op: every packet is accepted */
    rpc__noauth_dg_who_are_you, /* server -> client callback, decodes the reply */
    rpc__noauth_dg_way_handler  /* client side: answers with a noauth credentials message */
};
112
/*
 * R P C _ _ N O A U T H _ D G _ E N C R Y P T
 *
 * Encrypt hook of the DG auth EPV.  The noauth module has no key material,
 * so the transmit-queue element is left exactly as it was and the user data
 * goes out in the clear.
 *
 * Parameters:
 *   info  the auth info block (unused)
 *   xqe   the packet about to be sent (unused)
 *   st    [out] always rpc_s_ok
 */
PRIVATE void rpc__noauth_dg_encrypt
(
        rpc_auth_info_p_t               info,
        rpc_dg_xmitq_elt_p_t            xqe,
        unsigned32                      *st
)
{
    /* Nothing to do at authn level none; mark the inputs as deliberately unused. */
    (void)info;
    (void)xqe;

    *st = rpc_s_ok;
}
128
/*
 * R P C _ _ N O A U T H _ D G _ P R E _ S E N D
 *
 * Pre-send hook of the DG auth EPV.  Noauth computes no checksum and does
 * not touch the header, the iovec or the packet; it only reports success.
 *
 * Parameters:
 *   info, pkt, hdrp, iov, iovlen, cksum  all unused
 *   st  [out] always rpc_s_ok
 */
PRIVATE void rpc__noauth_dg_pre_send
(
        rpc_auth_info_p_t info,
        rpc_dg_xmitq_elt_p_t pkt,
        rpc_dg_pkt_hdr_p_t hdrp,
        rpc_socket_iovec_p_t iov,
        int iovlen,
        dce_pointer_t cksum,
        error_status_t *st
)
{
    /* None of the inputs are read or written at authn level none. */
    (void)info;
    (void)pkt;
    (void)hdrp;
    (void)iov;
    (void)iovlen;
    (void)cksum;

    *st = rpc_s_ok;
}
148
/*
 * R P C _ _ N O A U T H _ D G _ R E C V _ C K
 *
 * Receive-check hook of the DG auth EPV.  Nothing is verified: every
 * packet is reported as acceptable.  That is the contract of the noauth
 * module, so a binding using this EPV gets no integrity or tamper
 * protection from the auth layer.
 *
 * Parameters:
 *   info, pkt, cksum  unused
 *   st  [out] always rpc_s_ok
 */
PRIVATE void rpc__noauth_dg_recv_ck
(
        rpc_auth_info_p_t info,
        rpc_dg_recvq_elt_p_t pkt,
        dce_pointer_t cksum,
        error_status_t *st
)
{
    /* No checksum to compare against; accept unconditionally. */
    (void)info;
    (void)pkt;
    (void)cksum;

    *st = rpc_s_ok;
}
164
/*
 * R P C _ _ N O A U T H _ D G _ P R E _ C A L L
 *
 * Pre-call hook of the DG auth EPV.  There is nothing to prepare at authn
 * level none, so the hook only reports success.
 *
 * Parameters:
 *   info  the auth info block (unused)
 *   h     the binding handle (unused)
 *   st    [out] always rpc_s_ok
 */
PRIVATE void rpc__noauth_dg_pre_call
(
        rpc_auth_info_p_t info,
        handle_t h,
        unsigned32 *st
)
{
    (void)info;
    (void)h;

    *st = rpc_s_ok;
}
179
/*
 * R P C _ _ N O A U T H _ D G _ W A Y _ H A N D L E R
 *
 * Client side of the who-are-you exchange.  The server's conv callback
 * ends up here; we answer with a credentials message built by
 * sec_krb_dg_build_message at rpc_c_authn_level_none and copy it into the
 * caller's buffer.
 *
 * Parameters:
 *   info         our rpc_noauth_info_t, passed as the generic auth info
 *   in_data      challenge bytes from the server (not examined here)
 *   in_len       length of in_data (not examined here)
 *   out_max_len  capacity of out_data
 *   out_data     receives the credentials message
 *   out_len      [out] bytes written to out_data; 0 on any failure
 *   stp          [out] the handle's stored failure status if it was
 *                poisoned, else the build status, else
 *                rpc_s_credentials_too_large when the message does not fit
 */
PRIVATE void rpc__noauth_dg_way_handler
(
        rpc_auth_info_p_t info,
        ndr_byte *in_data,
        signed32 in_len,
        signed32 out_max_len,
        ndr_byte *out_data,
        signed32 *out_len,
        unsigned32 *stp
)
{
    rpc_noauth_info_p_t noauth_info = (rpc_noauth_info_p_t)info;
    sec_krb_message message;
    error_status_t status;

    /* The challenge payload is not consulted by noauth. */
    (void)in_data;
    (void)in_len;

    *out_len = 0;

    /*
     * NOTE(review): %x with a pointer argument; if RPC_DBG_PRINTF is
     * printf-style this truncates on LP64 and %p would be exact -- confirm.
     */
    RPC_DBG_PRINTF(rpc_e_dbg_auth, 2, ("(rpc__noauth_dg_way_handler) %x called back\n", info));

    /* A handle that failed earlier stays failed: hand back the stored status. */
    if (noauth_info->status != rpc_s_ok)
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way_handler) handle was poisoned with %x\n",
            noauth_info->status));
        *stp = noauth_info->status;
        return;
    }

    /* Start empty so sec_krb_message_free is safe on every exit path. */
    message.data = 0;
    message.length = 0;

    status = sec_krb_dg_build_message (noauth_info->auth_info.u.auth_identity, 0, 0,
        rpc_c_authn_level_none, noauth_info->auth_info.authz_protocol,
        0, 0, 0, &message);

    if (status == rpc_s_ok)
    {
        /*
         * NOTE(review): if message.length is unsigned, a negative
         * out_max_len is promoted and would pass this test; callers are
         * expected to supply a non-negative capacity -- confirm at the
         * call site.
         */
        if (message.length > out_max_len)
        {
            status = rpc_s_credentials_too_large;
        }
        else
        {
            memcpy(out_data, message.data, message.length);
            *out_len = message.length;
        }
    }

    sec_krb_message_free(&message);
    *stp = status;
}
236
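/*
 * R P C _ _ N O A U T H _ D G _ W H O _ A R E _ Y O U
 *
 * Server side of the who-are-you exchange.  Call back into the client with
 * conv_who_are_you_auth, then decode the credentials blob it returns into
 * the noauth info block (client name, PAC, creds, authn level and authz
 * protocol).
 *
 * Parameters:
 *   info       our rpc_noauth_info_t, passed as the generic auth info
 *   h          binding handle used for the callback
 *   actuid     activity UUID passed to the callback
 *   boot_time  server boot time passed to the callback
 *   seq        [out] sequence number returned by the client
 *   cas_uuid   [out] client address-space UUID returned by the client
 *   stp        [out] status of the callback, of the reply-length check
 *              (rpc_s_credentials_too_large), or of the decode
 */
PRIVATE void rpc__noauth_dg_who_are_you
(
        rpc_auth_info_p_t info,
        handle_t h,
        idl_uuid_t *actuid,
        unsigned32 boot_time,
        unsigned32 *seq,
        idl_uuid_t *cas_uuid,
        unsigned32 *stp
)
{
    rpc_noauth_info_p_t noauth_info = (rpc_noauth_info_p_t)info;
    unsigned char inbuf[12];    /* XXX size -- sent with length 0 */
    unsigned char outbuf[1000]; /* XXX size */
    unsigned_char_p_t server;
    signed32 outlen = 0;
    sec_krb_message message;
    unsigned32 st;

    /* XXX set up exception handler here around remote call? */
    RPC_DBG_PRINTF(rpc_e_dbg_auth, 2, ("(rpc__noauth_dg_way) %x doing callback\n", info));

    /* Call back into the client; it fills outbuf with its credentials message. */
    (*conv_v3_0_c_epv.conv_who_are_you_auth)
        (h, actuid, boot_time, inbuf, 0, sizeof(outbuf),
         seq, cas_uuid, outbuf, &outlen, stp);

    st = *stp;
    if (st != rpc_s_ok)
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way) conv_who_are_you_auth failed, st %x\n", st));
        return;
    }

    /*
     * outlen is whatever the peer's reply said.  The stub should already
     * hold it to the size_is bound we passed, but the decoder below reads
     * outlen bytes of outbuf, so enforce the bound locally as well.
     */
    if (outlen < 0 || (size_t)outlen > sizeof(outbuf))
    {
        RPC_DBG_GPRINTF(("(rpc__noauth_dg_way) bad response length %d\n", outlen));
        *stp = rpc_s_credentials_too_large;
        return;
    }

    message.data = outbuf;
    message.length = outlen;

    /*
     * NOTE(review): `server` is filled in by the decoder and then dropped;
     * if sec_krb_dg_decode_message allocates it, this leaks -- confirm.
     */
    *stp = sec_krb_dg_decode_message (&message, 0,
        &noauth_info->client_name,
        &noauth_info->client_pac,
        &noauth_info->client_creds,    /* FAKE-EPAC */
        &server,
        &noauth_info->auth_info.authn_level,
        &noauth_info->auth_info.authz_protocol,
        0, 0, 0, 0);
}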
288
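/*
 * R P C _ _ N O A U T H _ D G _ C R E A T E
 *
 * Allocate and initialise a server-side noauth auth info block.  The whole
 * block is zeroed, its mutex initialised, and the embedded auth_info set to
 * the noauth defaults: dummy authn protocol, name-based authz, no privs
 * and no creds.  authn_level starts at -1 and is filled in by the
 * who_are_you decode.
 *
 * Parameters:
 *   stp  [out] rpc_s_ok.  RPC_MEM_ALLOC is called with RPC_C_MEM_WAITOK,
 *        which this code treats as never returning NULL -- confirm against
 *        the macro if that assumption matters.
 *
 * Returns the block as a generic rpc_auth_info_p_t; the caller owns the
 * single reference (refcount 1).
 */
PRIVATE rpc_auth_info_p_t rpc__noauth_dg_create
(
        unsigned32 *stp
)
{
    rpc_noauth_info_p_t noauth_info;

    RPC_MEM_ALLOC (noauth_info, rpc_noauth_info_p_t, sizeof (*noauth_info), RPC_C_MEM_UTIL, RPC_C_MEM_WAITOK);

    rpc_g_noauth_alloc_count++;
    RPC_DBG_PRINTF(rpc_e_dbg_auth, 1,
        ("(rpc__noauth_dg_create) %x created (now %d active)\n", noauth_info,
            rpc_g_noauth_alloc_count - rpc_g_noauth_free_count));

    /* Zero everything first so no field is left indeterminate. */
    memset (noauth_info, 0, sizeof(*noauth_info));

    RPC_MUTEX_INIT(noauth_info->lock);

    /* Already zero after the memset; kept explicit to document the initial state. */
    noauth_info->creds_valid = 0;
    noauth_info->level_valid = 0;
    noauth_info->client_valid = 0;

    /*
     * fill in the common auth_info stuff.
     */
    noauth_info->auth_info.refcount = 1;
    noauth_info->auth_info.server_princ_name = 0;
    noauth_info->auth_info.authn_level = -1;    /* set later by the who_are_you decode */
    noauth_info->auth_info.authn_protocol = rpc_c_authn_dce_dummy;
    noauth_info->auth_info.authz_protocol = rpc_c_authz_name;
    noauth_info->auth_info.is_server = 1;
    noauth_info->auth_info.u.s.privs = 0;
    { /* FAKE-EPAC */
        noauth_info->auth_info.u.s.creds = 0;
    }

    /* XXX do other initialization here. */
    /* Same value as the literal 0 used before; spelled like the rest of the module. */
    *stp = rpc_s_ok;
    return (rpc_auth_info_p_t) noauth_info;
}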
336
/*
 * R P C _ _ N O A U T H _ D G _ I N I T
 *
 * Register the noauth module with the datagram runtime: hand back our
 * entry-point vector and the protocol id it serves.
 *
 * Parameters:
 *   epv  [out] receives rpc_g_noauth_dg_epv, cast to the generic EPV type
 *   st   [out] always rpc_s_ok
 *
 * Returns RPC_C_PROTOCOL_ID_NCADG.
 */
PRIVATE rpc_protocol_id_t rpc__noauth_dg_init
(
        rpc_auth_rpc_prot_epv_p_t       *epv,
        unsigned32                      *st
)
{
    rpc_auth_rpc_prot_epv_p_t table = (rpc_auth_rpc_prot_epv_p_t) &rpc_g_noauth_dg_epv;

    *epv = table;
    *st = rpc_s_ok;
    return RPC_C_PROTOCOL_ID_NCADG;
}
354