1*45090Smckusick /* @(#)svc_auth_unix.c 2.3 88/08/01 4.0 RPCSRC; from 1.28 88/02/08 SMI */
2*45090Smckusick /*
3*45090Smckusick * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
4*45090Smckusick * unrestricted use provided that this legend is included on all tape
5*45090Smckusick * media and as a part of the software program in whole or part. Users
6*45090Smckusick * may copy or modify Sun RPC without charge, but are not authorized
7*45090Smckusick * to license or distribute it to anyone else except as part of a product or
8*45090Smckusick * program developed by the user.
9*45090Smckusick *
10*45090Smckusick * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
11*45090Smckusick * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
12*45090Smckusick * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
13*45090Smckusick *
14*45090Smckusick * Sun RPC is provided with no support and without any obligation on the
15*45090Smckusick * part of Sun Microsystems, Inc. to assist in its use, correction,
16*45090Smckusick * modification or enhancement.
17*45090Smckusick *
18*45090Smckusick * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
19*45090Smckusick * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
20*45090Smckusick * OR ANY PART THEREOF.
21*45090Smckusick *
22*45090Smckusick * In no event will Sun Microsystems, Inc. be liable for any lost revenue
23*45090Smckusick * or profits or other special, indirect and consequential damages, even if
24*45090Smckusick * Sun has been advised of the possibility of such damages.
25*45090Smckusick *
26*45090Smckusick * Sun Microsystems, Inc.
27*45090Smckusick * 2550 Garcia Avenue
28*45090Smckusick * Mountain View, California 94043
29*45090Smckusick */
/* SCCS identification string; compiled in only when SCCSIDS is defined and lint is not. */
#if !defined(lint) && defined(SCCSIDS)
static char sccsid[] = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";
#endif
33*45090Smckusick
/*
 * svc_auth_unix.c
 * Handles UNIX-flavor authentication parameters on the service side of RPC.
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
 * _svcauth_unix does full-blown UNIX-style uid, gid + gids auth;
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
 * Note: the shorthand has been gutted for efficiency.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 */
44*45090Smckusick
45*45090Smckusick #include <stdio.h>
46*45090Smckusick #include <rpc/rpc.h>
47*45090Smckusick
48*45090Smckusick /*
49*45090Smckusick * Unix longhand authenticator
50*45090Smckusick */
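/*
 * Service-side decoder for AUTH_UNIX ("longhand") credentials.
 *
 * Decodes the opaque credential body in msg->rm_call.cb_cred into the
 * struct authunix_parms stored in the rqst->rq_clntcred area (timestamp,
 * machine name, uid, gid, supplementary gids), then sets the reply
 * verifier on rqst->rq_xprt to AUTH_NULL.
 *
 * Returns AUTH_OK when the credential is structurally valid and
 * AUTH_BADCRED otherwise.  Only the encoding is checked: the uid, gids
 * and machine name are copied exactly as the client sent them, so AUTH_OK
 * is not proof of the peer's identity.
 *
 * All lengths taken from the wire are unsigned and are checked against
 * both the fixed storage and the credential length before any copy.
 * With signed lengths a value with the top bit set would compare as
 * negative and pass the upper-bound checks.
 *
 * NOTE(review): rq_clntcred is assumed to provide at least
 * sizeof (struct area) bytes; its allocation is not visible in this file.
 */
enum auth_stat
_svcauth_unix(rqst, msg)
	register struct svc_req *rqst;
	register struct rpc_msg *msg;
{
	register enum auth_stat stat;
	XDR xdrs;
	register struct authunix_parms *aup;
	register long *buf;
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		int area_gids[NGRPS];
	} *area;
	u_int auth_len;
	u_int str_len, gid_len;	/* unsigned: wire values must not go negative */
	register u_int i;

	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	/* Point the variable-length fields at the fixed storage in the area. */
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * Reject anything shorter before reading the fixed fields.
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT) {
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_time = IXDR_GET_LONG(buf);
		str_len = IXDR_GET_U_LONG(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * The padded name must fit in what remains after the five
		 * fixed words, otherwise the copy would read past the
		 * credential body.
		 */
		if (RNDUP(str_len) > auth_len - 5 * BYTES_PER_XDR_UNIT) {
			stat = AUTH_BADCRED;
			goto done;
		}
		bcopy((caddr_t)buf, aup->aup_machname, str_len);
		aup->aup_machname[str_len] = 0;
		str_len = RNDUP(str_len);
		/*
		 * NOTE(review): this step assumes sizeof (long) equals
		 * BYTES_PER_XDR_UNIT -- confirm on the target ABI.
		 */
		buf += str_len / sizeof (long);
		aup->aup_uid = IXDR_GET_LONG(buf);
		aup->aup_gid = IXDR_GET_LONG(buf);
		gid_len = IXDR_GET_U_LONG(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * Check the whole credential against auth_len before the
		 * gid list is read.  Both lengths are bounded above, so the
		 * sum cannot wrap.
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
			(void) printf("bad auth_len gid %d str %d auth %d\n",
			    (int)gid_len, (int)str_len, (int)auth_len);
			stat = AUTH_BADCRED;
			goto done;
		}
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = IXDR_GET_LONG(buf);
		}
	} else if (! xdr_authunix_parms(&xdrs, aup)) {
		/*
		 * NOTE(review): aup_machname and aup_gids point into the
		 * rq_clntcred area set up above; confirm that an XDR_FREE
		 * pass over them is safe for that storage.
		 */
		xdrs.x_op = XDR_FREE;
		(void)xdr_authunix_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	/* AUTH_UNIX sends back an empty (AUTH_NULL) verifier. */
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}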
121*45090Smckusick
122*45090Smckusick
123*45090Smckusick /*
124*45090Smckusick * Shorthand unix authenticator
125*45090Smckusick * Looks up longhand in a cache.
126*45090Smckusick */
127*45090Smckusick /*ARGSUSED*/
/*
 * Service-side handler for AUTH_SHORT ("shorthand") credentials.
 * No lookup is performed here: both arguments are ignored and every
 * request is answered with AUTH_REJECTEDCRED.
 */
enum auth_stat
_svcauth_short(rqst, msg)
	struct svc_req *rqst;
	struct rpc_msg *msg;
{
	enum auth_stat verdict = AUTH_REJECTEDCRED;

	return (verdict);
}