1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22
23 /*
24 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
25 * Use is subject to license terms.
26 */
27
28 #pragma ident "%Z%%M% %I% %E% SMI"
29
30 /*
31 * Handles the loopback UNIX flavor authentication parameters on the
32 * service side of rpc.
33 */
34
35 #include "mt.h"
36 #include <stdio.h>
37 #include <rpc/rpc.h>
38 #include <syslog.h>
39 #include <sys/types.h>
40
41 /*
42 * Loopback system (Unix) longhand authenticator
43 */
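/*
 * Decode the loopback (AUTH_SYS-style) credential carried in msg into the
 * credential area hanging off rqst->rq_clntcred.
 *
 * rqst - service request; rq_clntcred is used as scratch space for the
 *        decoded authsys_parms, machine name and gid list, and the
 *        transport's reply verifier is reset to AUTH_NULL on success.
 * msg  - call message; rm_call.cb_cred holds the opaque credential bytes.
 *
 * Returns AUTH_OK when the credential decodes cleanly, AUTH_BADCRED
 * otherwise.
 *
 * The credential bytes and every length field inside them come from the
 * peer, so each length is checked against auth_len BEFORE the data it
 * describes is read.
 */
enum auth_stat
__svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	struct authsys_parms *aup;
	rpc_inline_t *buf;
	struct area {
		struct authsys_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		gid_t area_gids[NGRPS_LOOPBACK];
	} *area;
	size_t auth_len;
	size_t name_len;		/* machine name length as sent */
	size_t str_len = 0;		/* machine name length, XDR padded */
	size_t gid_len = 0;
	size_t i;

	/* LINTED pointer cast */
	area = (struct area *)rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (size_t)msg->rm_call.cb_cred.oa_length;
	if (auth_len == 0)
		return (AUTH_BADCRED);
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * Reject anything shorter before touching the buffer.
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT)
			goto bad_len;
		aup->aup_time = IXDR_GET_INT32(buf);
		name_len = IXDR_GET_U_INT32(buf);
		if (name_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		str_len = RNDUP(name_len);
		/*
		 * The padded name plus the five fixed words must fit in
		 * the credential, otherwise the copy and the uid/gid/count
		 * reads below would run past the bytes the peer supplied.
		 */
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto bad_len;
		(void) memcpy(aup->aup_machname, buf, name_len);
		aup->aup_machname[name_len] = 0;
		buf += str_len / sizeof (int);
		aup->aup_uid = IXDR_GET_INT32(buf);
		aup->aup_gid = IXDR_GET_INT32(buf);
		gid_len = IXDR_GET_U_INT32(buf);
		if (gid_len > NGRPS_LOOPBACK) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* Same bound again, now including the gid array. */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto bad_len;
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf);
		}
	} else if (!xdr_authloopback_parms(&xdrs, aup)) {
		/*
		 * NOTE(review): aup_machname and aup_gids point into the
		 * credential area set up above; confirm the XDR_FREE pass
		 * does not hand those pointers to the deallocator.
		 */
		xdrs.x_op = XDR_FREE;
		(void) xdr_authloopback_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
	goto done;
bad_len:
	/* size_t is not unsigned long on every data model; cast for %lu */
	(void) syslog(LOG_ERR,
	    "bad auth_len gid %lu str %lu auth %lu",
	    (unsigned long)gid_len, (unsigned long)str_len,
	    (unsigned long)auth_len);
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}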
117