Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/lib/rpc/svc_auth_unix.c
39536 views
1
/* @(#)svc_auth_unix.c	2.3 88/08/01 4.0 RPCSRC; from 1.28 88/02/08 SMI */

2
/*

3
 * Copyright (c) 2010, Oracle America, Inc.

4
 *

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions are met:

9
 *

10
 *     * Redistributions of source code must retain the above copyright

11
 *       notice, this list of conditions and the following disclaimer.

12
 *

13
 *     * Redistributions in binary form must reproduce the above copyright

14
 *       notice, this list of conditions and the following disclaimer in

15
 *       the documentation and/or other materials provided with the

16
 *       distribution.

17
 *

18
 *     * Neither the name of the "Oracle America, Inc." nor the names of

19
 *       its contributors may be used to endorse or promote products

20
 *       derived from this software without specific prior written permission.

21
 *

22
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

23
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

24
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

25
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

26
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

27
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

28
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

29
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

30
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

31
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

32
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

33
 */

34
#if !defined(lint) && defined(SCCSIDS)

35
static char sccsid[] = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";

36
#endif

37


38
/*

39
 * svc_auth_unix.c

40
 * Handles UNIX flavor authentication parameters on the service side of rpc.

41
 * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.

42
 * _svcauth_unix does full blown unix style uid,gid+gids auth,

43
 * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.

44
 * Note: the shorthand has been gutted for efficiency.

45
 */

46


47
#include <stdio.h>

48
#include <string.h>

49
#include <gssrpc/rpc.h>

50


51
/*

52
 * Unix longhand authenticator

53
 */

54
enum auth_stat

55
gssrpc__svcauth_unix(

56
	struct svc_req *rqst,

57
	struct rpc_msg *msg,

58
	bool_t *dispatch)

59
{

60
	enum auth_stat stat;

61
	XDR xdrs;

62
	struct authunix_parms *aup;

63
	rpc_inline_t *buf;

64
	struct area {

65
		struct authunix_parms area_aup;

66
		char area_machname[MAX_MACHINE_NAME+1];

67
		int area_gids[NGRPS];

68
	} *area;

69
	u_int auth_len, str_len, gid_len, i;

70


71
	rqst->rq_xprt->xp_auth = &svc_auth_none;

72


73
	area = (struct area *) rqst->rq_clntcred;

74
	aup = &area->area_aup;

75
	aup->aup_machname = area->area_machname;

76
	aup->aup_gids = area->area_gids;

77
	auth_len = msg->rm_call.cb_cred.oa_length;

78
	if (auth_len > INT_MAX)

79
		return AUTH_BADCRED;

80
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);

81
	buf = XDR_INLINE(&xdrs, (int)auth_len);

82
	if (buf != NULL) {

83
		aup->aup_time = IXDR_GET_LONG(buf);

84
		str_len = IXDR_GET_U_LONG(buf);

85
		if (str_len > MAX_MACHINE_NAME) {

86
			stat = AUTH_BADCRED;

87
			goto done;

88
		}

89
		memmove(aup->aup_machname, buf, str_len);

90
		aup->aup_machname[str_len] = 0;

91
		str_len = RNDUP(str_len);

92
		buf += str_len / BYTES_PER_XDR_UNIT;

93
		aup->aup_uid = IXDR_GET_LONG(buf);

94
		aup->aup_gid = IXDR_GET_LONG(buf);

95
		gid_len = IXDR_GET_U_LONG(buf);

96
		if (gid_len > NGRPS) {

97
			stat = AUTH_BADCRED;

98
			goto done;

99
		}

100
		aup->aup_len = gid_len;

101
		for (i = 0; i < gid_len; i++) {

102
			aup->aup_gids[i] = IXDR_GET_LONG(buf);

103
		}

104
		/*

105
		 * five is the smallest unix credentials structure -

106
		 * timestamp, hostname len (0), uid, gid, and gids len (0).

107
		 */

108
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {

109
			(void) printf("bad auth_len gid %u str %u auth %u\n",

110
			    gid_len, str_len, auth_len);

111
			stat = AUTH_BADCRED;

112
			goto done;

113
		}

114
	} else if (! xdr_authunix_parms(&xdrs, aup)) {

115
		xdrs.x_op = XDR_FREE;

116
		(void)xdr_authunix_parms(&xdrs, aup);

117
		stat = AUTH_BADCRED;

118
		goto done;

119
	}

120
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;

121
	rqst->rq_xprt->xp_verf.oa_length = 0;

122
	stat = AUTH_OK;

123
done:

124
	XDR_DESTROY(&xdrs);

125
	return (stat);

126
}

127


128


129
/*

130
 * Shorthand unix authenticator

131
 * Looks up longhand in a cache.

132
 */

133
/*ARGSUSED*/

134
enum auth_stat

135
gssrpc__svcauth_short(

136
	struct svc_req *rqst,

137
	struct rpc_msg *msg,

138
	bool_t *dispatch)

139
{

140
	rqst->rq_xprt->xp_auth = &svc_auth_none;

141
	return (AUTH_REJECTEDCRED);

142
}

143


144