1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * CDDL HEADER START 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*0Sstevel@tonic-gate * with the License. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*0Sstevel@tonic-gate * See the License for the specific language governing permissions 12*0Sstevel@tonic-gate * and limitations under the License. 13*0Sstevel@tonic-gate * 14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * CDDL HEADER END 21*0Sstevel@tonic-gate */ 22*0Sstevel@tonic-gate /* 23*0Sstevel@tonic-gate * Copyright 1989 Sun Microsystems, Inc. All rights reserved. 24*0Sstevel@tonic-gate * Use is subject to license terms. 25*0Sstevel@tonic-gate */ 26*0Sstevel@tonic-gate 27*0Sstevel@tonic-gate /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 28*0Sstevel@tonic-gate /* All Rights Reserved */ 29*0Sstevel@tonic-gate 30*0Sstevel@tonic-gate /* 31*0Sstevel@tonic-gate * Portions of this source code were derived from Berkeley 4.3 BSD 32*0Sstevel@tonic-gate * under license from the Regents of the University of California. 33*0Sstevel@tonic-gate */ 34*0Sstevel@tonic-gate 35*0Sstevel@tonic-gate #ident "%Z%%M% %I% %E% SMI" 36*0Sstevel@tonic-gate 37*0Sstevel@tonic-gate /* 38*0Sstevel@tonic-gate * svc_auth_unix.c 39*0Sstevel@tonic-gate * Handles UNIX flavor authentication parameters on the service side of rpc. 40*0Sstevel@tonic-gate * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT. 41*0Sstevel@tonic-gate * _svcauth_unix does full blown unix style uid, gid+gids auth, 42*0Sstevel@tonic-gate * _svcauth_short uses a shorthand auth to index into a cache of longhand auths. 43*0Sstevel@tonic-gate * Note: the shorthand has been gutted for efficiency. 44*0Sstevel@tonic-gate */ 45*0Sstevel@tonic-gate 46*0Sstevel@tonic-gate #include <sys/param.h> 47*0Sstevel@tonic-gate #include <sys/types.h> 48*0Sstevel@tonic-gate #include <sys/time.h> 49*0Sstevel@tonic-gate #include <sys/systm.h> 50*0Sstevel@tonic-gate #include <sys/stream.h> 51*0Sstevel@tonic-gate #include <sys/stropts.h> 52*0Sstevel@tonic-gate #include <sys/strsubr.h> 53*0Sstevel@tonic-gate #include <sys/tiuser.h> 54*0Sstevel@tonic-gate #include <sys/tihdr.h> 55*0Sstevel@tonic-gate #include <sys/t_kuser.h> 56*0Sstevel@tonic-gate #include <sys/cmn_err.h> 57*0Sstevel@tonic-gate 58*0Sstevel@tonic-gate #include <rpc/types.h> 59*0Sstevel@tonic-gate #include <rpc/xdr.h> 60*0Sstevel@tonic-gate #include <rpc/auth.h> 61*0Sstevel@tonic-gate #include <rpc/clnt.h> 62*0Sstevel@tonic-gate #include <rpc/rpc_msg.h> 63*0Sstevel@tonic-gate #include <rpc/svc.h> 64*0Sstevel@tonic-gate #include <rpc/auth_unix.h> 65*0Sstevel@tonic-gate #include <rpc/svc_auth.h> 66*0Sstevel@tonic-gate 67*0Sstevel@tonic-gate 68*0Sstevel@tonic-gate /* 69*0Sstevel@tonic-gate * Unix longhand authenticator 70*0Sstevel@tonic-gate */ 71*0Sstevel@tonic-gate enum auth_stat 72*0Sstevel@tonic-gate _svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg) 73*0Sstevel@tonic-gate { 74*0Sstevel@tonic-gate enum auth_stat stat; 75*0Sstevel@tonic-gate XDR xdrs; 76*0Sstevel@tonic-gate struct authunix_parms *aup; 77*0Sstevel@tonic-gate int32_t *buf; 78*0Sstevel@tonic-gate struct area { 79*0Sstevel@tonic-gate struct authunix_parms area_aup; 80*0Sstevel@tonic-gate char area_machname[MAX_MACHINE_NAME+1]; 81*0Sstevel@tonic-gate u_int area_gids[NGRPS]; 82*0Sstevel@tonic-gate } *area; 83*0Sstevel@tonic-gate u_int auth_len; 84*0Sstevel@tonic-gate u_int str_len, gid_len; 85*0Sstevel@tonic-gate int i; 86*0Sstevel@tonic-gate 87*0Sstevel@tonic-gate /* LINTED pointer alignment */ 88*0Sstevel@tonic-gate area = (struct area *) rqst->rq_clntcred; 89*0Sstevel@tonic-gate aup = &area->area_aup; 90*0Sstevel@tonic-gate aup->aup_machname = area->area_machname; 91*0Sstevel@tonic-gate aup->aup_gids = (gid_t *)area->area_gids; 92*0Sstevel@tonic-gate auth_len = (u_int)msg->rm_call.cb_cred.oa_length; 93*0Sstevel@tonic-gate xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len, 94*0Sstevel@tonic-gate XDR_DECODE); 95*0Sstevel@tonic-gate buf = XDR_INLINE(&xdrs, auth_len); 96*0Sstevel@tonic-gate if (buf != NULL) { 97*0Sstevel@tonic-gate aup->aup_time = IXDR_GET_INT32(buf); 98*0Sstevel@tonic-gate str_len = IXDR_GET_U_INT32(buf); 99*0Sstevel@tonic-gate if (str_len > MAX_MACHINE_NAME) { 100*0Sstevel@tonic-gate stat = AUTH_BADCRED; 101*0Sstevel@tonic-gate goto done; 102*0Sstevel@tonic-gate } 103*0Sstevel@tonic-gate bcopy((caddr_t)buf, aup->aup_machname, (u_int)str_len); 104*0Sstevel@tonic-gate aup->aup_machname[str_len] = 0; 105*0Sstevel@tonic-gate str_len = RNDUP(str_len); 106*0Sstevel@tonic-gate buf += str_len / sizeof (int32_t); 107*0Sstevel@tonic-gate aup->aup_uid = IXDR_GET_INT32(buf); 108*0Sstevel@tonic-gate aup->aup_gid = IXDR_GET_INT32(buf); 109*0Sstevel@tonic-gate gid_len = IXDR_GET_U_INT32(buf); 110*0Sstevel@tonic-gate if (gid_len > NGRPS) { 111*0Sstevel@tonic-gate stat = AUTH_BADCRED; 112*0Sstevel@tonic-gate goto done; 113*0Sstevel@tonic-gate } 114*0Sstevel@tonic-gate aup->aup_len = gid_len; 115*0Sstevel@tonic-gate for (i = 0; i < gid_len; i++) { 116*0Sstevel@tonic-gate aup->aup_gids[i] = IXDR_GET_INT32(buf); 117*0Sstevel@tonic-gate } 118*0Sstevel@tonic-gate /* 119*0Sstevel@tonic-gate * five is the smallest unix credentials structure - 120*0Sstevel@tonic-gate * timestamp, hostname len (0), uid, gid, and gids len (0). 121*0Sstevel@tonic-gate */ 122*0Sstevel@tonic-gate if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { 123*0Sstevel@tonic-gate printf("bad auth_len gid %d str %d auth %d", 124*0Sstevel@tonic-gate gid_len, str_len, auth_len); 125*0Sstevel@tonic-gate stat = AUTH_BADCRED; 126*0Sstevel@tonic-gate goto done; 127*0Sstevel@tonic-gate } 128*0Sstevel@tonic-gate } else if (! xdr_authunix_parms(&xdrs, aup)) { 129*0Sstevel@tonic-gate xdrs.x_op = XDR_FREE; 130*0Sstevel@tonic-gate (void) xdr_authunix_parms(&xdrs, aup); 131*0Sstevel@tonic-gate stat = AUTH_BADCRED; 132*0Sstevel@tonic-gate goto done; 133*0Sstevel@tonic-gate } 134*0Sstevel@tonic-gate rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL; 135*0Sstevel@tonic-gate rqst->rq_xprt->xp_verf.oa_length = 0; 136*0Sstevel@tonic-gate stat = AUTH_OK; 137*0Sstevel@tonic-gate done: 138*0Sstevel@tonic-gate XDR_DESTROY(&xdrs); 139*0Sstevel@tonic-gate return (stat); 140*0Sstevel@tonic-gate } 141*0Sstevel@tonic-gate 142*0Sstevel@tonic-gate 143*0Sstevel@tonic-gate /* 144*0Sstevel@tonic-gate * Shorthand unix authenticator 145*0Sstevel@tonic-gate * Looks up longhand in a cache. 146*0Sstevel@tonic-gate */ 147*0Sstevel@tonic-gate /* ARGSUSED */ 148*0Sstevel@tonic-gate enum auth_stat 149*0Sstevel@tonic-gate _svcauth_short(struct svc_req *rqst, struct rpc_msg *msg) 150*0Sstevel@tonic-gate { 151*0Sstevel@tonic-gate return (AUTH_REJECTEDCRED); 152*0Sstevel@tonic-gate } 153