xref: /dragonfly/lib/libc/rpc/svc_auth_unix.c (revision ed5d5720) 
1 /*
2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3  * unrestricted use provided that this legend is included on all tape
4  * media and as a part of the software program in whole or part.  Users
5  * may copy or modify Sun RPC without charge, but are not authorized
6  * to license or distribute it to anyone else except as part of a product or
7  * program developed by the user.
8  *
9  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12  *
13  * Sun RPC is provided with no support and without any obligation on the
14  * part of Sun Microsystems, Inc. to assist in its use, correction,
15  * modification or enhancement.
16  *
17  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19  * OR ANY PART THEREOF.
20  *
21  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22  * or profits or other special, indirect and consequential damages, even if
23  * Sun has been advised of the possibility of such damages.
24  *
25  * Sun Microsystems, Inc.
26  * 2550 Garcia Avenue
27  * Mountain View, California  94043
28  *
29  * @(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro
30  * @(#)svc_auth_unix.c	2.3 88/08/01 4.0 RPCSRC
31  * $FreeBSD: src/lib/libc/rpc/svc_auth_unix.c,v 1.11 2004/10/16 06:11:35 obrien Exp $
32  * $DragonFly: src/lib/libc/rpc/svc_auth_unix.c,v 1.4 2005/11/13 12:27:04 swildner Exp $
33  */
34 
35 /*
36  * svc_auth_unix.c
37  * Handles UNIX flavor authentication parameters on the service side of rpc.
38  * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
39  * _svcauth_unix does full blown unix style uid,gid+gids auth,
40  * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
41  * Note: the shorthand has been gutted for efficiency.
42  *
43  * Copyright (C) 1984, Sun Microsystems, Inc.
44  */
45 
46 #include "namespace.h"
47 #include <assert.h>
48 #include <stdio.h>
49 #include <string.h>
50 
51 #include <rpc/rpc.h>
52 #include "un-namespace.h"
53 
54 /*
55  * Unix longhand authenticator
56  */
57 enum auth_stat
58 _svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
59 {
60 	enum auth_stat stat;
61 	XDR xdrs;
62 	struct authunix_parms *aup;
63 	int32_t *buf;
64 	struct area {
65 		struct authunix_parms area_aup;
66 		char area_machname[MAX_MACHINE_NAME+1];
67 		int area_gids[NGRPS];
68 	} *area;
69 	u_int auth_len;
70 	size_t str_len, gid_len;
71 	u_int i;
72 
73 	assert(rqst != NULL);
74 	assert(msg != NULL);
75 
76 	area = (struct area *) rqst->rq_clntcred;
77 	aup = &area->area_aup;
78 	aup->aup_machname = area->area_machname;
79 	aup->aup_gids = area->area_gids;
80 	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
81 	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
82 	buf = XDR_INLINE(&xdrs, auth_len);
83 	if (buf != NULL) {
84 		aup->aup_time = IXDR_GET_INT32(buf);
85 		str_len = (size_t)IXDR_GET_U_INT32(buf);
86 		if (str_len > MAX_MACHINE_NAME) {
87 			stat = AUTH_BADCRED;
88 			goto done;
89 		}
90 		memmove(aup->aup_machname, buf, str_len);
91 		aup->aup_machname[str_len] = 0;
92 		str_len = RNDUP(str_len);
93 		buf += str_len / sizeof (int32_t);
94 		aup->aup_uid = (int)IXDR_GET_INT32(buf);
95 		aup->aup_gid = (int)IXDR_GET_INT32(buf);
96 		gid_len = (size_t)IXDR_GET_U_INT32(buf);
97 		if (gid_len > NGRPS) {
98 			stat = AUTH_BADCRED;
99 			goto done;
100 		}
101 		aup->aup_len = gid_len;
102 		for (i = 0; i < gid_len; i++) {
103 			aup->aup_gids[i] = (int)IXDR_GET_INT32(buf);
104 		}
105 		/*
106 		 * five is the smallest unix credentials structure -
107 		 * timestamp, hostname len (0), uid, gid, and gids len (0).
108 		 */
109 		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
110 			printf("bad auth_len gid %ld str %ld auth %u\n",
111 			    (long)gid_len, (long)str_len, auth_len);
112 			stat = AUTH_BADCRED;
113 			goto done;
114 		}
115 	} else if (! xdr_authunix_parms(&xdrs, aup)) {
116 		xdrs.x_op = XDR_FREE;
117 		xdr_authunix_parms(&xdrs, aup);
118 		stat = AUTH_BADCRED;
119 		goto done;
120 	}
121 
122        /* get the verifier */
123 	if ((u_int)msg->rm_call.cb_verf.oa_length) {
124 		rqst->rq_xprt->xp_verf.oa_flavor =
125 			msg->rm_call.cb_verf.oa_flavor;
126 		rqst->rq_xprt->xp_verf.oa_base =
127 			msg->rm_call.cb_verf.oa_base;
128 		rqst->rq_xprt->xp_verf.oa_length =
129 			msg->rm_call.cb_verf.oa_length;
130 	} else {
131 		rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
132 		rqst->rq_xprt->xp_verf.oa_length = 0;
133 	}
134 	stat = AUTH_OK;
135 done:
136 	XDR_DESTROY(&xdrs);
137 	return (stat);
138 }
139 
140 
141 /*
142  * Shorthand unix authenticator
143  * Looks up longhand in a cache.
144  */
145 /*ARGSUSED*/
146 enum auth_stat
147 _svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
148 {
149 	return (AUTH_REJECTEDCRED);
150 }
151