Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/rpc/rpcsec_tls/auth_tls.c
39483 views
1
/*-

2
 * SPDX-License-Identifier: BSD-3-Clause

3
 *

4
 * Copyright (c) 2009, Sun Microsystems, Inc.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without 

8
 * modification, are permitted provided that the following conditions are met:

9
 * - Redistributions of source code must retain the above copyright notice, 

10
 *   this list of conditions and the following disclaimer.

11
 * - Redistributions in binary form must reproduce the above copyright notice, 

12
 *   this list of conditions and the following disclaimer in the documentation 

13
 *   and/or other materials provided with the distribution.

14
 * - Neither the name of Sun Microsystems, Inc. nor the names of its 

15
 *   contributors may be used to endorse or promote products derived 

16
 *   from this software without specific prior written permission.

17
 * 

18
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 

19
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 

20
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 

21
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 

22
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 

23
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 

24
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 

25
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 

26
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 

27
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 

28
 * POSSIBILITY OF SUCH DAMAGE.

29
 */

30


31
#include <sys/cdefs.h>

32
/*

33
 * auth_none.c

34
 * Creates a client authentication handle for passing "null"

35
 * credentials and verifiers to remote systems.

36
 *

37
 * Copyright (C) 1984, Sun Microsystems, Inc.

38
 */

39


40
/*

41
 * Modified from auth_none.c to expect a reply verifier of "STARTTLS"

42
 * for the RPC-over-TLS STARTTLS command.

43
 */

44


45
#include <sys/param.h>

46
#include <sys/systm.h>

47
#include <sys/kernel.h>

48
#include <sys/lock.h>

49
#include <sys/malloc.h>

50
#include <sys/mutex.h>

51


52
#include <rpc/types.h>

53
#include <rpc/xdr.h>

54
#include <rpc/auth.h>

55
#include <rpc/clnt.h>

56
#include <rpc/rpcsec_tls.h>

57


58
#define MAX_MARSHAL_SIZE 20

59


60
/*

61
 * Authenticator operations routines

62
 */

63


64
static bool_t authtls_marshal (AUTH *, uint32_t, XDR *, struct mbuf *);

65
static void authtls_verf (AUTH *);

66
static bool_t authtls_validate (AUTH *, uint32_t, struct opaque_auth *,

67
    struct mbuf **);

68
static bool_t authtls_refresh (AUTH *, void *);

69
static void authtls_destroy (AUTH *);

70


71
static const struct auth_ops authtls_ops = {

72
	.ah_nextverf =		authtls_verf,

73
	.ah_marshal =		authtls_marshal,

74
	.ah_validate =		authtls_validate,

75
	.ah_refresh =		authtls_refresh,

76
	.ah_destroy =		authtls_destroy,

77
};

78


79
struct authtls_private {

80
	AUTH	no_client;

81
	char	mclient[MAX_MARSHAL_SIZE];

82
	u_int	mcnt;

83
};

84


85
static struct authtls_private authtls_private;

86
static struct opaque_auth _tls_null_auth;

87


88
static void

89
authtls_init(void *dummy)

90
{

91
	struct authtls_private *ap = &authtls_private;

92
	XDR xdrs;

93


94
	_tls_null_auth.oa_flavor = AUTH_TLS;

95
	_tls_null_auth.oa_base = NULL;

96
	_tls_null_auth.oa_length = 0;

97
	ap->no_client.ah_cred = _tls_null_auth;

98
	ap->no_client.ah_verf = _null_auth;

99
	ap->no_client.ah_ops = &authtls_ops;

100
	xdrmem_create(&xdrs, ap->mclient, MAX_MARSHAL_SIZE, XDR_ENCODE);

101
	xdr_opaque_auth(&xdrs, &ap->no_client.ah_cred);

102
	xdr_opaque_auth(&xdrs, &ap->no_client.ah_verf);

103
	ap->mcnt = XDR_GETPOS(&xdrs);

104
	XDR_DESTROY(&xdrs);

105
}

106
SYSINIT(authtls_init, SI_SUB_KMEM, SI_ORDER_ANY, authtls_init, NULL);

107


108
AUTH *

109
authtls_create(void)

110
{

111
	struct authtls_private *ap = &authtls_private;

112


113
	return (&ap->no_client);

114
}

115


116
/*ARGSUSED*/

117
static bool_t

118
authtls_marshal(AUTH *client, uint32_t xid, XDR *xdrs, struct mbuf *args)

119
{

120
	struct authtls_private *ap = &authtls_private;

121


122
	KASSERT(xdrs != NULL, ("authtls_marshal: xdrs is null"));

123


124
	if (!XDR_PUTBYTES(xdrs, ap->mclient, ap->mcnt))

125
		return (FALSE);

126


127
	return (xdr_putmbuf(xdrs, args));

128
}

129


130
/* All these unused parameters are required to keep ANSI-C from grumbling */

131
/*ARGSUSED*/

132
static void

133
authtls_verf(AUTH *client)

134
{

135
}

136


137
/*ARGSUSED*/

138
static bool_t

139
authtls_validate(AUTH *client, uint32_t xid, struct opaque_auth *opaque,

140
    struct mbuf **mrepp)

141
{

142
	size_t strsiz;

143


144
	strsiz = strlen(RPCTLS_START_STRING);

145
	/* The verifier must be the string RPCTLS_START_STRING. */

146
	if (opaque != NULL &&

147
	    (opaque->oa_length != strsiz || memcmp(opaque->oa_base,

148
	     RPCTLS_START_STRING, strsiz) != 0))

149
		return (FALSE);

150
	return (TRUE);

151
}

152


153
/*ARGSUSED*/

154
static bool_t

155
authtls_refresh(AUTH *client, void *dummy)

156
{

157


158
	return (FALSE);

159
}

160


161
/*ARGSUSED*/

162
static void

163
authtls_destroy(AUTH *client)

164
{

165
}

166


167