10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
50Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
60Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
70Sstevel@tonic-gate * with the License.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
100Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
110Sstevel@tonic-gate * See the License for the specific language governing permissions
120Sstevel@tonic-gate * and limitations under the License.
130Sstevel@tonic-gate *
140Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
150Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
160Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
170Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
180Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
190Sstevel@tonic-gate *
200Sstevel@tonic-gate * CDDL HEADER END
210Sstevel@tonic-gate */
22132Srobinson
230Sstevel@tonic-gate /*
24*1219Sraf * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
25132Srobinson * Use is subject to license terms.
260Sstevel@tonic-gate */
270Sstevel@tonic-gate
28132Srobinson #pragma ident "%Z%%M% %I% %E% SMI"
290Sstevel@tonic-gate
300Sstevel@tonic-gate /*
310Sstevel@tonic-gate * Handles the loopback UNIX flavor authentication parameters on the
320Sstevel@tonic-gate * service side of rpc.
330Sstevel@tonic-gate */
340Sstevel@tonic-gate
35*1219Sraf #include "mt.h"
360Sstevel@tonic-gate #include <stdio.h>
370Sstevel@tonic-gate #include <rpc/rpc.h>
380Sstevel@tonic-gate #include <syslog.h>
390Sstevel@tonic-gate #include <sys/types.h>
400Sstevel@tonic-gate
410Sstevel@tonic-gate /*
420Sstevel@tonic-gate * Loopback system (Unix) longhand authenticator
430Sstevel@tonic-gate */
440Sstevel@tonic-gate enum auth_stat
__svcauth_loopback(struct svc_req * rqst,struct rpc_msg * msg)450Sstevel@tonic-gate __svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg)
460Sstevel@tonic-gate {
470Sstevel@tonic-gate enum auth_stat stat;
480Sstevel@tonic-gate XDR xdrs;
490Sstevel@tonic-gate struct authsys_parms *aup;
500Sstevel@tonic-gate rpc_inline_t *buf;
510Sstevel@tonic-gate struct area {
520Sstevel@tonic-gate struct authsys_parms area_aup;
530Sstevel@tonic-gate char area_machname[MAX_MACHINE_NAME+1];
540Sstevel@tonic-gate gid_t area_gids[NGRPS_LOOPBACK];
550Sstevel@tonic-gate } *area;
560Sstevel@tonic-gate size_t auth_len;
570Sstevel@tonic-gate size_t str_len, gid_len;
580Sstevel@tonic-gate int i;
590Sstevel@tonic-gate
60132Srobinson /* LINTED pointer cast */
610Sstevel@tonic-gate area = (struct area *)rqst->rq_clntcred;
620Sstevel@tonic-gate aup = &area->area_aup;
630Sstevel@tonic-gate aup->aup_machname = area->area_machname;
640Sstevel@tonic-gate aup->aup_gids = area->area_gids;
650Sstevel@tonic-gate auth_len = (size_t)msg->rm_call.cb_cred.oa_length;
660Sstevel@tonic-gate if (auth_len == 0)
670Sstevel@tonic-gate return (AUTH_BADCRED);
680Sstevel@tonic-gate xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
690Sstevel@tonic-gate XDR_DECODE);
700Sstevel@tonic-gate buf = XDR_INLINE(&xdrs, auth_len);
710Sstevel@tonic-gate if (buf != NULL) {
720Sstevel@tonic-gate aup->aup_time = IXDR_GET_INT32(buf);
730Sstevel@tonic-gate str_len = IXDR_GET_U_INT32(buf);
740Sstevel@tonic-gate if (str_len > MAX_MACHINE_NAME) {
750Sstevel@tonic-gate stat = AUTH_BADCRED;
760Sstevel@tonic-gate goto done;
770Sstevel@tonic-gate }
780Sstevel@tonic-gate (void) memcpy(aup->aup_machname, buf, str_len);
790Sstevel@tonic-gate aup->aup_machname[str_len] = 0;
800Sstevel@tonic-gate str_len = RNDUP(str_len);
810Sstevel@tonic-gate buf += str_len / sizeof (int);
820Sstevel@tonic-gate aup->aup_uid = IXDR_GET_INT32(buf);
830Sstevel@tonic-gate aup->aup_gid = IXDR_GET_INT32(buf);
840Sstevel@tonic-gate gid_len = IXDR_GET_U_INT32(buf);
850Sstevel@tonic-gate if (gid_len > NGRPS_LOOPBACK) {
860Sstevel@tonic-gate stat = AUTH_BADCRED;
870Sstevel@tonic-gate goto done;
880Sstevel@tonic-gate }
890Sstevel@tonic-gate aup->aup_len = gid_len;
900Sstevel@tonic-gate for (i = 0; i < gid_len; i++) {
910Sstevel@tonic-gate aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf);
920Sstevel@tonic-gate }
930Sstevel@tonic-gate /*
940Sstevel@tonic-gate * five is the smallest unix credentials structure -
950Sstevel@tonic-gate * timestamp, hostname len (0), uid, gid, and gids len (0).
960Sstevel@tonic-gate */
970Sstevel@tonic-gate if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
980Sstevel@tonic-gate (void) syslog(LOG_ERR,
990Sstevel@tonic-gate "bad auth_len gid %lu str %lu auth %lu",
1000Sstevel@tonic-gate gid_len, str_len, auth_len);
1010Sstevel@tonic-gate stat = AUTH_BADCRED;
1020Sstevel@tonic-gate goto done;
1030Sstevel@tonic-gate }
1040Sstevel@tonic-gate } else if (!xdr_authloopback_parms(&xdrs, aup)) {
1050Sstevel@tonic-gate xdrs.x_op = XDR_FREE;
1060Sstevel@tonic-gate (void) xdr_authloopback_parms(&xdrs, aup);
1070Sstevel@tonic-gate stat = AUTH_BADCRED;
1080Sstevel@tonic-gate goto done;
1090Sstevel@tonic-gate }
1100Sstevel@tonic-gate rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
1110Sstevel@tonic-gate rqst->rq_xprt->xp_verf.oa_length = 0;
1120Sstevel@tonic-gate stat = AUTH_OK;
1130Sstevel@tonic-gate done:
1140Sstevel@tonic-gate XDR_DESTROY(&xdrs);
1150Sstevel@tonic-gate return (stat);
1160Sstevel@tonic-gate }
117