/* $OpenBSD: svc_auth_unix.c,v 1.13 2015/11/01 03:45:29 guenther Exp $ */

/*
 * Copyright (c) 2010, Oracle America, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 *       notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 *       copyright notice, this list of conditions and the following
 *       disclaimer in the documentation and/or other materials
 *       provided with the distribution.
 *     * Neither the name of the "Oracle America, Inc." nor the names of its
 *       contributors may be used to endorse or promote products derived
 *       from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * svc_auth_unix.c
 * Handles UNIX flavor authentication parameters on the service side of rpc.
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
 * _svcauth_unix does full blown unix style uid,gid+gids auth,
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
 * Note: the shorthand has been gutted for efficiency.
 */
#include <stdio.h> |
44 |
|
|
#include <rpc/rpc.h> |
45 |
|
|
#include <string.h> |
46 |
|
|

/*
 * Unix longhand authenticator
 */
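/*
 * Unix longhand authenticator.
 *
 * Decodes the AUTH_UNIX credential carried in msg->rm_call.cb_cred into the
 * authunix_parms that lives in the storage behind rqst->rq_clntcred.  The
 * machine name and gid list are pointed at scratch space inside that same
 * area, so the fast (inlined) path below never allocates.
 *
 * Returns AUTH_OK on success, after resetting the transport's verifier to an
 * empty AUTH_NULL one, or AUTH_BADCRED when the credential is malformed:
 * hostname longer than MAX_MACHINE_NAME, more than NGRPS gids, or fewer
 * bytes on the wire than the fields it claims to carry.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	struct authunix_parms *aup;
	int32_t *buf;
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		int area_gids[NGRPS];
	} *area;
	u_int auth_len;
	u_int str_len, gid_len;
	u_int i;

	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len, XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * Fast path: pull the fields straight out of the inlined
		 * buffer.  XDR_INLINE only vouches for auth_len bytes, so
		 * each read below is preceded by a check that the bytes it
		 * consumes fit inside auth_len.  A truncated credential is
		 * therefore rejected before we read past its end, not after.
		 * Every check here is implied by the final one, so the set
		 * of accepted credentials is unchanged.
		 */

		/* timestamp and hostname length: two XDR units */
		if (auth_len < 2 * BYTES_PER_XDR_UNIT) {
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_time = IXDR_GET_LONG(buf);
		str_len = IXDR_GET_U_LONG(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * The hostname bytes are padded to a BYTES_PER_XDR_UNIT
		 * multiple on the wire; str_len <= MAX_MACHINE_NAME here,
		 * so this arithmetic cannot overflow.
		 */
		if (5 * BYTES_PER_XDR_UNIT + RNDUP(str_len) > auth_len) {
			stat = AUTH_BADCRED;
			goto done;
		}
		memcpy(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
		aup->aup_machname[str_len] = 0;
		str_len = RNDUP(str_len);
		buf += str_len / sizeof (int32_t);
		aup->aup_uid = IXDR_GET_LONG(buf);
		aup->aup_gid = IXDR_GET_LONG(buf);
		gid_len = IXDR_GET_U_LONG(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* the gid list must fit as well, before we walk it */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = IXDR_GET_LONG(buf);
		}
	} else if (! xdr_authunix_parms(&xdrs, aup)) {
		/*
		 * Slow path failed part way through: run the same routine
		 * in XDR_FREE mode so whatever the partial decode may have
		 * allocated is released before we report the bad credential.
		 */
		xdrs.x_op = XDR_FREE;
		(void)xdr_authunix_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	/* AUTH_UNIX carries no verifier of its own; answer with an empty one */
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}
DEF_STRONG(_svcauth_unix);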


/*
 * Shorthand unix authenticator
 * Looks up longhand in a cache.
 */
/*
 * Shorthand unix authenticator.
 *
 * The shorthand cache has been removed (see the file header), so there is
 * nothing an AUTH_SHORT handle could be matched against.  Every shorthand
 * credential is therefore refused with AUTH_REJECTEDCRED; neither rqst nor
 * msg is examined.
 */
enum auth_stat
_svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
{
	const enum auth_stat verdict = AUTH_REJECTEDCRED;

	(void)rqst;
	(void)msg;
	return (verdict);
}
DEF_STRONG(_svcauth_short);