GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/rpc/svc_auth_unix.c
/*-
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2009, Sun Microsystems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of Sun Microsystems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
/*
* svc_auth_unix.c
* Handles UNIX flavor authentication parameters on the service side of rpc.
* There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
* _svcauth_unix does full blown unix style uid,gid+gids auth,
* _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
* Note: the shorthand has been gutted for efficiency.
*
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/systm.h>
#include <sys/ucred.h>
#include <rpc/rpc.h>
#include <rpc/rpc_com.h>
/*
 * Largest machine-name length, in bytes and before XDR padding, that
 * _svcauth_unix accepts in an AUTH_UNIX credential.
 */
#define MAX_MACHINE_NAME 255
/*
 * Largest group count _svcauth_unix accepts in an AUTH_UNIX credential;
 * it is compared against the gid count decoded from the request.
 */
#define NGRPS 16
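/*
 * Unix longhand authenticator
 *
 * Decodes the AUTH_UNIX credential body carried in msg->rm_call.cb_cred
 * (timestamp, machine name, uid, gid, gid list) into the struct xucred
 * that rqst->rq_clntcred points at, and sets rqst->rq_verf to _null_auth
 * on success.
 *
 * Returns AUTH_OK when the credential decodes, AUTH_BADCRED when a length
 * field is out of range or the body is shorter than its own fields claim.
 *
 * Only the encoding is checked here.  The uid and gids are copied from
 * the request exactly as the peer sent them; nothing in this function
 * verifies that the peer is entitled to them, so access decisions that
 * rely on the result need a separate control on who may reach the
 * service.
 */
enum auth_stat
_svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	int32_t *buf;
	uint32_t time;
	struct xucred *xcr;
	u_int auth_len;
	size_t str_len, gid_len;
	u_int i;

	xcr = rqst->rq_clntcred;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	/* Known values for the diagnostic if we bail before decoding them. */
	str_len = 0;
	gid_len = 0;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * Decode in place.  Every length below is checked against
		 * auth_len before the words it covers are read, so no
		 * IXDR_GET_* touches memory past the credential body and
		 * xcr is not filled from bytes the peer never sent.
		 *
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT)
			goto badlen;

		/* The timestamp is decoded to advance buf; it is not used. */
		time = IXDR_GET_UINT32(buf);
		str_len = (size_t)IXDR_GET_UINT32(buf);
		if (str_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		str_len = RNDUP(str_len);
		/* The padded name plus the five fixed words must fit. */
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		/* The machine name itself is skipped, not copied. */
		buf += str_len / sizeof (int32_t);
		xcr->cr_uid = IXDR_GET_UINT32(buf);
		xcr->cr_gid = IXDR_GET_UINT32(buf);
		gid_len = (size_t)IXDR_GET_UINT32(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * gid_len <= NGRPS and str_len <= RNDUP(MAX_MACHINE_NAME),
		 * so this sum cannot wrap.
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		for (i = 0; i < gid_len; i++) {
			/*
			 * Note that this is a `struct xucred`, which maintains
			 * its historical layout of preserving the egid in
			 * cr_ngroups and cr_groups[0] == egid.
			 *
			 * Gids that do not fit after slot 0 are consumed
			 * from the buffer and dropped.
			 */
			if (i + 1 < XU_NGROUPS)
				xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
			else
				buf++;
		}
		if (gid_len + 1 > XU_NGROUPS)
			xcr->cr_ngroups = XU_NGROUPS;
		else
			xcr->cr_ngroups = gid_len + 1;
	} else if (! xdr_authunix_parms(&xdrs, &time, xcr)) {
		/* No inline buffer: the generic XDR decoder rejected it. */
		stat = AUTH_BADCRED;
		goto done;
	}

	rqst->rq_verf = _null_auth;
	stat = AUTH_OK;
	goto done;

badlen:
	/*
	 * NOTE(review): any peer that sends a short credential reaches
	 * this message - consider rate limiting it.
	 */
	(void) printf("bad auth_len gid %ld str %ld auth %u\n",
	    (long)gid_len, (long)str_len, auth_len);
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);

	return (stat);
}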
/*
 * Shorthand unix authenticator
 *
 * This implementation performs no cache lookup: every AUTH_SHORT
 * credential is refused with AUTH_REJECTEDCRED, and neither argument
 * is examined.
 */
/*ARGSUSED*/
enum auth_stat
_svcauth_short(struct svc_req *rqst, struct rpc_msg *msg)
{
	const enum auth_stat verdict = AUTH_REJECTEDCRED;

	return (verdict);
}