/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
/*
 * auth_none.c
 * Creates a client authentication handle for passing "null"
 * credentials and verifiers to remote systems.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */

/*
 * Modified from auth_none.c to expect a reply verifier of "STARTTLS"
 * for the RPC-over-TLS STARTTLS command.
 *
 * The handle hands out an AUTH_TLS credential with an empty body on every
 * call and accepts a reply only if the server's verifier carries exactly
 * the bytes of RPCTLS_START_STRING.  There is one process-wide handle; it
 * is built once at boot (authtls_init) and is never freed.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <rpc/rpcsec_tls.h>

/*
 * Size of the buffer holding the pre-marshaled credential + verifier pair.
 * Both have empty bodies, so the XDR encoding is small; authtls_init() does
 * not check for overflow, so keep this large enough for two empty
 * opaque_auth encodings.
 */
#define MAX_MARSHAL_SIZE 20

/*
 * Authenticator operations routines
 */

static bool_t authtls_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
static void authtls_verf (AUTH *);
static bool_t authtls_validate (AUTH *, uint32_t, struct opaque_auth *,
    struct mbuf **);
static bool_t authtls_refresh (AUTH *, void *);
static void authtls_destroy (AUTH *);

static const struct auth_ops authtls_ops = {
	.ah_nextverf = authtls_verf,
	.ah_marshal = authtls_marshal,
	.ah_validate = authtls_validate,
	.ah_refresh = authtls_refresh,
	.ah_destroy = authtls_destroy,
};

/*
 * Singleton state behind the AUTH_TLS client handle.
 *   no_client - the AUTH object returned by authtls_create()
 *   mclient   - XDR encoding of the credential followed by the verifier
 *   mcnt      - number of valid bytes in mclient
 */
struct authtls_private {
	AUTH no_client;
	char mclient[MAX_MARSHAL_SIZE];
	u_int mcnt;
};

static struct authtls_private authtls_private;
static struct opaque_auth _tls_null_auth;

/*
 * Boot-time constructor for the shared handle.
 *
 * Sets the credential to flavor AUTH_TLS with no body, the verifier to the
 * library's null verifier, installs the ops table, and pre-encodes both
 * opaque_auth structures into ap->mclient so authtls_marshal() can emit
 * them with a single XDR_PUTBYTES().  The two xdr_opaque_auth() return
 * values are ignored: with MAX_MARSHAL_SIZE sized for empty bodies the
 * encode cannot fail, but the constant and this assumption go together.
 */
static void
authtls_init(void *dummy)
{
	struct authtls_private *priv = &authtls_private;
	XDR enc;

	_tls_null_auth = (struct opaque_auth){
		.oa_flavor = AUTH_TLS,
		.oa_base = NULL,
		.oa_length = 0,
	};
	priv->no_client.ah_cred = _tls_null_auth;
	priv->no_client.ah_verf = _null_auth;
	priv->no_client.ah_ops = &authtls_ops;

	xdrmem_create(&enc, priv->mclient, MAX_MARSHAL_SIZE, XDR_ENCODE);
	xdr_opaque_auth(&enc, &priv->no_client.ah_cred);
	xdr_opaque_auth(&enc, &priv->no_client.ah_verf);
	priv->mcnt = XDR_GETPOS(&enc);
	XDR_DESTROY(&enc);
}
SYSINIT(authtls_init, SI_SUB_KMEM, SI_ORDER_ANY, authtls_init, NULL);

/*
 * Return the shared AUTH_TLS client handle.
 *
 * The handle is static and shared by every caller; it carries no per-client
 * state, so AUTH_DESTROY() on it is a no-op and it must never be freed.
 */
AUTH *
authtls_create(void)
{

	return (&authtls_private.no_client);
}

/*
 * Emit the pre-encoded credential and verifier for a call, then attach the
 * already-marshaled argument mbuf chain.
 *
 * Returns FALSE only if the XDR stream refused the pre-encoded bytes; the
 * mbuf chain is not appended in that case.  xid and client are unused.
 */
/*ARGSUSED*/
static bool_t
authtls_marshal(AUTH *client, uint32_t xid, XDR *xdrs, struct mbuf *args)
{
	struct authtls_private *priv = &authtls_private;

	KASSERT(xdrs != NULL, ("authtls_marshal: xdrs is null"));

	if (XDR_PUTBYTES(xdrs, priv->mclient, priv->mcnt) == FALSE)
		return (FALSE);

	xdrmbuf_append(xdrs, args);
	return (TRUE);
}

/*
 * ah_nextverf: the verifier is constant, so there is nothing to advance.
 * The unused parameter is required by the auth_ops signature.
 */
/*ARGSUSED*/
static void
authtls_verf(AUTH *client)
{
}

/*
 * ah_validate: accept the reply only if the server's verifier body is
 * exactly RPCTLS_START_STRING.
 *
 * Only oa_length and oa_base are examined; the verifier's oa_flavor is not
 * checked by this routine.  A NULL opaque is treated as valid (as in
 * auth_none) -- the kernel RPC clients presumably always pass the decoded
 * reply verifier, so this path should not be reachable; confirm against
 * the callers before relying on it.  mrepp is left untouched.
 */
/*ARGSUSED*/
static bool_t
authtls_validate(AUTH *client, uint32_t xid, struct opaque_auth *opaque,
    struct mbuf **mrepp)
{
	const size_t want = strlen(RPCTLS_START_STRING);

	if (opaque == NULL)
		return (TRUE);
	/* Length first, so memcmp() never reads beyond a shorter verifier. */
	if (opaque->oa_length != want)
		return (FALSE);
	if (memcmp(opaque->oa_base, RPCTLS_START_STRING, want) != 0)
		return (FALSE);
	return (TRUE);
}

/*
 * ah_refresh: there are no credentials to renew, so a refresh request
 * always fails and the caller must not retry on that basis.
 */
/*ARGSUSED*/
static bool_t
authtls_refresh(AUTH *client, void *dummy)
{

	return (FALSE);
}

/*
 * ah_destroy: the handle is the static singleton, so nothing is released.
 */
/*ARGSUSED*/
static void
authtls_destroy(AUTH *client)
{
}