1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2009, Sun Microsystems, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are met: 9 * - Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * - Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * - Neither the name of Sun Microsystems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 /* 35 * auth_none.c 36 * Creates a client authentication handle for passing "null" 37 * credentials and verifiers to remote systems. 38 * 39 * Copyright (C) 1984, Sun Microsystems, Inc. 
 */

/*
 * Modified from auth_none.c to expect a reply verifier of "STARTTLS"
 * for the RPC-over-TLS STARTTLS command.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <rpc/rpcsec_tls.h>

/*
 * Size of the buffer that holds the pre-encoded credential and verifier.
 * Both are empty opaque_auth bodies, so the XDR encoding is small and
 * fixed-size; the buffer only has to cover that constant encoding.
 */
#define MAX_MARSHAL_SIZE 20

/*
 * Authenticator operations routines
 */

static bool_t authtls_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);
static void authtls_verf (AUTH *);
static bool_t authtls_validate (AUTH *, uint32_t, struct opaque_auth *,
    struct mbuf **);
static bool_t authtls_refresh (AUTH *, void *);
static void authtls_destroy (AUTH *);

static const struct auth_ops authtls_ops = {
	.ah_nextverf = authtls_verf,
	.ah_marshal = authtls_marshal,
	.ah_validate = authtls_validate,
	.ah_refresh = authtls_refresh,
	.ah_destroy = authtls_destroy,
};

/*
 * The single, process-wide AUTH_TLS client handle.  There is no per-client
 * state: every caller of authtls_create() shares this one object.
 */
struct authtls_private {
	AUTH no_client;			/* handle returned by authtls_create() */
	char mclient[MAX_MARSHAL_SIZE];	/* XDR-encoded cred + verf */
	u_int mcnt;			/* number of valid bytes in mclient */
};

static struct authtls_private authtls_private;
static struct opaque_auth _tls_null_auth;

/*
 * One-time initialisation run from SYSINIT: build the AUTH_TLS credential
 * (flavor AUTH_TLS, empty body), pair it with the null verifier, and
 * pre-encode both into mclient so authtls_marshal() can copy the bytes
 * straight into each call header.
 */
static void
authtls_init(void *dummy)
{
	struct authtls_private *ap = &authtls_private;
	XDR xdrs;

	/* AUTH_TLS flavor with no credential body. */
	_tls_null_auth = (struct opaque_auth){
		.oa_flavor = AUTH_TLS,
		.oa_base = NULL,
		.oa_length = 0,
	};

	ap->no_client.ah_cred = _tls_null_auth;
	ap->no_client.ah_verf = _null_auth;
	ap->no_client.ah_ops = &authtls_ops;

	/*
	 * Encode credential first, verifier second -- this is the order in
	 * which they appear in an RPC call header.
	 */
	xdrmem_create(&xdrs, ap->mclient, MAX_MARSHAL_SIZE, XDR_ENCODE);
	xdr_opaque_auth(&xdrs, &ap->no_client.ah_cred);
	xdr_opaque_auth(&xdrs, &ap->no_client.ah_verf);
	ap->mcnt = XDR_GETPOS(&xdrs);
	XDR_DESTROY(&xdrs);
}
SYSINIT(authtls_init, SI_SUB_KMEM, SI_ORDER_ANY, authtls_init, NULL);

/*
 * Return the shared AUTH_TLS client handle.  The object is static and
 * never freed; authtls_destroy() is a no-op for that reason.
 */
AUTH *
authtls_create(void)
{

	return (&authtls_private.no_client);
}

/*
 * Place the pre-encoded AUTH_TLS credential and null verifier into the
 * outgoing call, followed by the caller's argument mbuf chain.
 * Returns FALSE only if the XDR stream refuses the credential bytes.
 */
/*ARGSUSED*/
static bool_t
authtls_marshal(AUTH *client, uint32_t xid, XDR *xdrs, struct mbuf *args)
{
	struct authtls_private *ap = &authtls_private;

	KASSERT(xdrs != NULL, ("authtls_marshal: xdrs is null"));

	if (XDR_PUTBYTES(xdrs, ap->mclient, ap->mcnt) == FALSE)
		return (FALSE);

	xdrmbuf_append(xdrs, args);

	return (TRUE);
}

/*
 * There is no per-call verifier to advance; nothing to do.
 * All these unused parameters are required to keep ANSI-C from grumbling.
 */
/*ARGSUSED*/
static void
authtls_verf(AUTH *client)
{
}

/*
 * Check the reply verifier.  For the STARTTLS exchange the server is
 * expected to answer with a verifier whose body is exactly
 * RPCTLS_START_STRING; any other length or content is rejected.
 *
 * The length is compared before memcmp() so the read of oa_base is
 * bounded to strlen(RPCTLS_START_STRING) bytes.
 *
 * NOTE(review): a NULL opaque is accepted (TRUE).  The RPC client code is
 * presumed to always hand in the reply's verifier, so this branch should
 * not be reachable in practice -- confirm against the callers.
 */
/*ARGSUSED*/
static bool_t
authtls_validate(AUTH *client, uint32_t xid, struct opaque_auth *opaque,
    struct mbuf **mrepp)
{
	size_t want;

	if (opaque == NULL)
		return (TRUE);

	want = strlen(RPCTLS_START_STRING);
	if (opaque->oa_length != want)
		return (FALSE);

	return (memcmp(opaque->oa_base, RPCTLS_START_STRING, want) == 0);
}

/*
 * AUTH_TLS credentials cannot be refreshed; always report failure so the
 * caller does not retry with this handle.
 */
/*ARGSUSED*/
static bool_t
authtls_refresh(AUTH *client, void *dummy)
{

	return (FALSE);
}

/*
 * The handle is static storage shared by every caller; never free it.
 */
/*ARGSUSED*/
static void
authtls_destroy(AUTH *client)
{
}