svc_authux.c

   1 /*
   2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   3  * unrestricted use provided that this legend is included on all tape
   4  * media and as a part of the software program in whole or part.  Users
   5  * may copy or modify Sun RPC without charge, but are not authorized
   6  * to license or distribute it to anyone else except as part of a product or
   7  * program developed by the user.
   8  *
   9  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  10  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  11  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  12  *
  13  * Sun RPC is provided with no support and without any obligation on the
  14  * part of Sun Microsystems, Inc. to assist in its use, correction,
  15  * modification or enhancement.
  16  *
  17  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  18  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  19  * OR ANY PART THEREOF.
  20  *
  21  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  22  * or profits or other special, indirect and consequential damages, even if
  23  * Sun has been advised of the possibility of such damages.
  24  *
  25  * Sun Microsystems, Inc.
  26  * 2550 Garcia Avenue
  27  * Mountain View, California  94043
  28  */
  29
  30 /*
  31  * svc_auth_unix.c
  32  * Handles UNIX flavor authentication parameters on the service side of rpc.
  33  * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
  34  * _svcauth_unix does full blown unix style uid,gid+gids auth,
  35  * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
  36  * Note: the shorthand has been gutted for efficiency.
  37  *
  38  * Copyright (C) 1984, Sun Microsystems, Inc.
  39  */
  40
  41 #define __FORCE_GLIBC
  42 #include <features.h>
  43
  44 #include <stdio.h>
  45 #include <string.h>
  46 #include <rpc/rpc.h>
  47 #include <rpc/svc.h>
  48
  49
  50 /*
  51  * Unix longhand authenticator
  52  */
  53 enum auth_stat
  54 _svcauth_unix (struct svc_req *rqst, struct rpc_msg *msg) attribute_hidden;
  55 enum auth_stat
  56 _svcauth_unix (struct svc_req *rqst, struct rpc_msg *msg)
  57 {
  58   enum auth_stat stat;
  59   XDR xdrs;
  60   struct authunix_parms *aup;
  61   int32_t *buf;
  62   struct area
  63     {
  64       struct authunix_parms area_aup;
  65       char area_machname[MAX_MACHINE_NAME + 1];
  66       gid_t area_gids[NGRPS];
  67     }
  68    *area;
  69   u_int auth_len;
  70   u_int str_len, gid_len;
  71   u_int i;
  72
  73   area = (struct area *) rqst->rq_clntcred;
  74   aup = &area->area_aup;
  75   aup->aup_machname = area->area_machname;
  76   aup->aup_gids = area->area_gids;
  77   auth_len = (u_int) msg->rm_call.cb_cred.oa_length;
  78   xdrmem_create (&xdrs, msg->rm_call.cb_cred.oa_base, auth_len, XDR_DECODE);
  79   buf = XDR_INLINE (&xdrs, auth_len);
  80   if (buf != NULL)
  81     {
  82       aup->aup_time = IXDR_GET_LONG (buf);
  83       str_len = IXDR_GET_U_INT32 (buf);
  84       if (str_len > MAX_MACHINE_NAME)
  85         {
  86           stat = AUTH_BADCRED;
  87           goto done;
  88         }
  89       memcpy (aup->aup_machname, (caddr_t) buf, (u_int) str_len);
  90       aup->aup_machname[str_len] = 0;
  91       str_len = RNDUP (str_len);
  92       buf = (int32_t *) ((char *) buf + str_len);
  93       aup->aup_uid = IXDR_GET_LONG (buf);
  94       aup->aup_gid = IXDR_GET_LONG (buf);
  95       gid_len = IXDR_GET_U_INT32 (buf);
  96       if (gid_len > NGRPS)
  97         {
  98           stat = AUTH_BADCRED;
  99           goto done;
 100         }
 101       aup->aup_len = gid_len;
 102       for (i = 0; i < gid_len; i++)
 103         {
 104           aup->aup_gids[i] = IXDR_GET_LONG (buf);
 105         }
 106       /*
 107        * five is the smallest unix credentials structure -
 108        * timestamp, hostname len (0), uid, gid, and gids len (0).
 109        */
 110       if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
 111         {
 112           (void) printf ("bad auth_len gid %d str %d auth %d\n",
 113                          gid_len, str_len, auth_len);
 114           stat = AUTH_BADCRED;
 115           goto done;
 116         }
 117     }
 118   else if (!xdr_authunix_parms (&xdrs, aup))
 119     {
 120       xdrs.x_op = XDR_FREE;
 121       (void) xdr_authunix_parms (&xdrs, aup);
 122       stat = AUTH_BADCRED;
 123       goto done;
 124     }
 125
 126   /* get the verifier */
 127   if ((u_int)msg->rm_call.cb_verf.oa_length)
 128     {
 129       rqst->rq_xprt->xp_verf.oa_flavor =
 130         msg->rm_call.cb_verf.oa_flavor;
 131       rqst->rq_xprt->xp_verf.oa_base =
 132         msg->rm_call.cb_verf.oa_base;
 133       rqst->rq_xprt->xp_verf.oa_length =
 134         msg->rm_call.cb_verf.oa_length;
 135     }
 136   else
 137     {
 138       rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
 139       rqst->rq_xprt->xp_verf.oa_length = 0;
 140     }
 141   stat = AUTH_OK;
 142 done:
 143   XDR_DESTROY (&xdrs);
 144   return stat;
 145 }
 146
 147
 148 /*
 149  * Shorthand unix authenticator
 150  * Looks up longhand in a cache.
 151  */
 152 /*ARGSUSED */
 153 enum auth_stat
 154 _svcauth_short (struct svc_req *rqst attribute_unused, struct rpc_msg *msg attribute_unused) attribute_hidden;
 155 enum auth_stat
 156 _svcauth_short (struct svc_req *rqst attribute_unused, struct rpc_msg *msg attribute_unused)
 157 {
 158   return AUTH_REJECTEDCRED;
 159 }