Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/rpc/authunix_prot.c
103756 views
1
/*	$NetBSD: authunix_prot.c,v 1.12 2000/01/22 22:19:17 mycroft Exp $	*/

2


3
/*-

4
 * SPDX-License-Identifier: BSD-3-Clause

5
 *

6
 * Copyright (c) 2009, Sun Microsystems, Inc.

7
 * All rights reserved.

8
 *

9
 * Redistribution and use in source and binary forms, with or without 

10
 * modification, are permitted provided that the following conditions are met:

11
 * - Redistributions of source code must retain the above copyright notice, 

12
 *   this list of conditions and the following disclaimer.

13
 * - Redistributions in binary form must reproduce the above copyright notice, 

14
 *   this list of conditions and the following disclaimer in the documentation 

15
 *   and/or other materials provided with the distribution.

16
 * - Neither the name of Sun Microsystems, Inc. nor the names of its 

17
 *   contributors may be used to endorse or promote products derived 

18
 *   from this software without specific prior written permission.

19
 * 

20
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 

21
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 

22
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 

23
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 

24
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 

25
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 

26
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 

27
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 

28
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 

29
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 

30
 * POSSIBILITY OF SUCH DAMAGE.

31
 */

32


33
/*

34
 * authunix_prot.c

35
 * XDR for UNIX style authentication parameters for RPC

36
 *

37
 * Copyright (C) 1984, Sun Microsystems, Inc.

38
 */

39


40
#include <sys/param.h>

41
#include <sys/jail.h>

42
#include <sys/libkern.h>

43
#include <sys/ucred.h>

44


45
#include <rpc/types.h>

46
#include <rpc/xdr.h>

47
#include <rpc/auth.h>

48


49
#include <rpc/rpc_com.h>

50


51
/*

52
 * XDR for unix authentication parameters.

53
 */

54
bool_t

55
xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)

56
{

57
	uint32_t namelen;

58
	uint32_t supp_ngroups, i;

59
	uint32_t junk;

60
	char hostbuf[MAXHOSTNAMELEN];

61


62
	if (xdrs->x_op == XDR_FREE)

63
		/* This function does not allocate auxiliary memory. */

64
		return (TRUE);

65


66
	if (xdrs->x_op == XDR_ENCODE) {

67
		getcredhostname(NULL, hostbuf, sizeof(hostbuf));

68
		namelen = strlen(hostbuf);

69
		if (namelen > AUTH_SYS_MAX_HOSTNAME)

70
			namelen = AUTH_SYS_MAX_HOSTNAME;

71
	} else

72
		namelen = 0;

73


74
	if (!xdr_uint32_t(xdrs, time) || !xdr_uint32_t(xdrs, &namelen))

75
		return (FALSE);

76


77
	/*

78
	 * Ignore the hostname on decode.

79
	 */

80
	if (xdrs->x_op == XDR_ENCODE) {

81
		if (!xdr_opaque(xdrs, hostbuf, namelen))

82
			return (FALSE);

83
	} else {

84
		if (namelen > AUTH_SYS_MAX_HOSTNAME)

85
			return (FALSE);

86
		xdr_setpos(xdrs, xdr_getpos(xdrs) + RNDUP(namelen));

87
	}

88


89
	if (!xdr_uint32_t(xdrs, &cred->cr_uid))

90
		return (FALSE);

91


92
	/*

93
	 * Safety check: The protocol needs at least one group (access to

94
	 * 'cr_gid', decrementation of 'cr_ngroups' below).

95
	 */

96
	if (xdrs->x_op == XDR_ENCODE && cred->cr_ngroups == 0)

97
		return (FALSE);

98
	if (!xdr_uint32_t(xdrs, &cred->cr_gid))

99
		return (FALSE);

100


101
	if (xdrs->x_op == XDR_ENCODE) {

102
		/*

103
		 * Note that this is a 'struct xucred', which still has the

104
		 * historical layout where the effective GID is in cr_groups[0]

105
		 * and is accounted in 'cr_ngroups'.  We substract 1 to obtain

106
		 * the number of "supplementary" groups, passed in the AUTH_SYS

107
		 * credentials variable-length array called gids[] in RFC 5531.

108
		 */

109
		MPASS(cred->cr_ngroups <= XU_NGROUPS);

110
		supp_ngroups = cred->cr_ngroups - 1;

111
		if (supp_ngroups > AUTH_SYS_MAX_GROUPS)

112
			/* With current values, this should never execute. */

113
			supp_ngroups = AUTH_SYS_MAX_GROUPS;

114
	}

115


116
	if (!xdr_uint32_t(xdrs, &supp_ngroups))

117
		return (FALSE);

118


119
	/*

120
	 * Because we cannot store more than XU_NGROUPS in total (16 at time of

121
	 * this writing), for now we choose to be strict with respect to RFC

122
	 * 5531's maximum number of supplementary groups (AUTH_SYS_MAX_GROUPS).

123
	 * That would also be an accidental DoS prevention measure if the

124
	 * request handling code didn't try to reassemble it in full without any

125
	 * size limits.  Although AUTH_SYS_MAX_GROUPS and XU_NGROUPS are equal,

126
	 * since the latter includes the "effective" GID, we cannot store the

127
	 * last group of a message with exactly AUTH_SYS_MAX_GROUPS

128
	 * supplementary groups.  We accept such messages so as not to violate

129
	 * the protocol, silently dropping the last group on the floor.

130
	 */

131


132
	if (xdrs->x_op != XDR_ENCODE && supp_ngroups > AUTH_SYS_MAX_GROUPS)

133
		return (FALSE);

134


135
	junk = 0;

136
	for (i = 0; i < supp_ngroups; ++i)

137
		if (!xdr_uint32_t(xdrs, i < XU_NGROUPS - 1 ?

138
		    &cred->cr_sgroups[i] : &junk))

139
			return (FALSE);

140


141
	if (xdrs->x_op != XDR_ENCODE)

142
		cred->cr_ngroups = MIN(supp_ngroups + 1, XU_NGROUPS);

143


144
	return (TRUE);

145
}

146


147