1 | /* |
---|
2 | * Sun RPC is a product of Sun Microsystems, Inc. and is provided for |
---|
3 | * unrestricted use provided that this legend is included on all tape |
---|
4 | * media and as a part of the software program in whole or part. Users |
---|
5 | * may copy or modify Sun RPC without charge, but are not authorized |
---|
6 | * to license or distribute it to anyone else except as part of a product or |
---|
7 | * program developed by the user. |
---|
8 | * |
---|
9 | * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE |
---|
10 | * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR |
---|
11 | * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. |
---|
12 | * |
---|
13 | * Sun RPC is provided with no support and without any obligation on the |
---|
14 | * part of Sun Microsystems, Inc. to assist in its use, correction, |
---|
15 | * modification or enhancement. |
---|
16 | * |
---|
17 | * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE |
---|
18 | * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC |
---|
19 | * OR ANY PART THEREOF. |
---|
20 | * |
---|
21 | * In no event will Sun Microsystems, Inc. be liable for any lost revenue |
---|
22 | * or profits or other special, indirect and consequential damages, even if |
---|
23 | * Sun has been advised of the possibility of such damages. |
---|
24 | * |
---|
25 | * Sun Microsystems, Inc. |
---|
26 | * 2550 Garcia Avenue |
---|
27 | * Mountain View, California 94043 |
---|
28 | */ |
---|
29 | |
---|
30 | #if defined(LIBC_SCCS) && !defined(lint) |
---|
31 | /*static char *sccsid = "from: @(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";*/ |
---|
32 | /*static char *sccsid = "from: @(#)svc_auth_unix.c 2.3 88/08/01 4.0 RPCSRC";*/ |
---|
33 | static char *rcsid = "$FreeBSD: src/lib/libc/rpc/svc_auth_unix.c,v 1.8 1999/08/28 00:00:49 peter Exp $"; |
---|
34 | #endif |
---|
35 | |
---|
36 | /* |
---|
37 | * svc_auth_unix.c |
---|
38 | * Handles UNIX flavor authentication parameters on the service side of rpc. |
---|
39 | * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT. |
---|
40 | * _svcauth_unix does full blown unix style uid,gid+gids auth, |
---|
41 | * _svcauth_short uses a shorthand auth to index into a cache of longhand auths. |
---|
42 | * Note: the shorthand has been gutted for efficiency. |
---|
43 | * |
---|
44 | * Copyright (C) 1984, Sun Microsystems, Inc. |
---|
45 | */ |
---|
46 | |
---|
47 | #ifdef HAVE_CONFIG_H |
---|
48 | #include "config.h" |
---|
49 | #endif |
---|
50 | |
---|
51 | #include <stdio.h> |
---|
52 | #include <string.h> |
---|
53 | #include <rpc/rpc.h> |
---|
54 | |
---|
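/*
 * Unix longhand authenticator
 *
 * Decodes the AUTH_UNIX credential carried in msg->rm_call.cb_cred into the
 * storage that rqst->rq_clntcred points at, then records the call's verifier
 * in rqst->rq_xprt->xp_verf.
 *
 * Returns AUTH_OK on success and AUTH_BADCRED when the credential is
 * malformed: machine name longer than MAX_MACHINE_NAME, more than NGRPS
 * groups, or fields that do not fit inside the advertised credential length.
 *
 * Every length used here is taken from the request and is therefore
 * attacker-controlled. The lengths are kept unsigned so that a wire value
 * with the top bit set fails the upper-bound checks instead of turning into
 * a negative int that passes them and is later widened into a huge memcpy()
 * size. Each field is also checked against auth_len before it is read,
 * rather than after the copy has already happened.
 */
enum auth_stat
_svcauth_unix(
	struct svc_req *rqst,
	struct rpc_msg *msg )
{
	enum auth_stat stat;
	XDR xdrs;
	struct authunix_parms *aup;
	int32_t *buf;
	/*
	 * Layout imposed on the credential scratch area: the decoded
	 * parameters followed by the storage their pointers refer to.
	 * NOTE(review): assumes the buffer behind rq_clntcred is at least
	 * sizeof(struct area) bytes -- confirm against its allocator.
	 */
	struct area {
		struct authunix_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		int area_gids[NGRPS];
	} *area;
	u_int auth_len;
	u_int name_len;			/* machine name length as sent */
	u_int str_len = 0;		/* machine name length, XDR padded */
	u_int gid_len = 0;		/* number of supplementary gids */
	u_int i;

	area = (struct area *) rqst->rq_clntcred;
	aup = &area->area_aup;
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/* The timestamp and the name length must be present. */
		if (auth_len < 2 * BYTES_PER_XDR_UNIT)
			goto bad_len;
		aup->aup_time = IXDR_GET_LONG(buf);
		name_len = IXDR_GET_U_LONG(buf);
		if (name_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		str_len = RNDUP(name_len);
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * Check that the padded name and the three words after it
		 * fit in the credential before touching any of them.
		 */
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto bad_len;
		memcpy(aup->aup_machname, (caddr_t)buf, name_len);
		aup->aup_machname[name_len] = 0;
		buf += str_len / sizeof (int32_t);
		aup->aup_uid = IXDR_GET_LONG(buf);
		aup->aup_gid = IXDR_GET_LONG(buf);
		gid_len = IXDR_GET_U_LONG(buf);
		if (gid_len > NGRPS) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/*
		 * gid_len <= NGRPS and str_len <= MAX_MACHINE_NAME rounded
		 * up, so this sum cannot wrap.
		 */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto bad_len;
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = IXDR_GET_LONG(buf);
		}
	} else if (! xdr_authunix_parms(&xdrs, aup)) {
		/*
		 * NOTE(review): aup_machname and aup_gids point into the
		 * credential area set up above, not at separately allocated
		 * memory. Confirm that this XDR_FREE pass cannot hand those
		 * pointers to the allocator's free routine.
		 */
		xdrs.x_op = XDR_FREE;
		(void)xdr_authunix_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}

	/*
	 * get the verifier: the transport's verifier refers to the bytes in
	 * the call message, nothing is copied.
	 */
	if ((u_int)msg->rm_call.cb_verf.oa_length) {
		rqst->rq_xprt->xp_verf.oa_flavor =
			msg->rm_call.cb_verf.oa_flavor;
		rqst->rq_xprt->xp_verf.oa_base =
			msg->rm_call.cb_verf.oa_base;
		rqst->rq_xprt->xp_verf.oa_length =
			msg->rm_call.cb_verf.oa_length;
	} else {
		rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
		rqst->rq_xprt->xp_verf.oa_length = 0;
	}
	stat = AUTH_OK;
	goto done;

bad_len:
	/* The credential is shorter than the fields it claims to hold. */
	(void) printf("bad auth_len gid %u str %u auth %u\n",
		gid_len, str_len, auth_len);
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}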
---|
139 | |
---|
140 | |
---|
/*
 * Shorthand unix authenticator
 *
 * No cache of longhand credentials is consulted here: every AUTH_SHORT
 * credential is refused with AUTH_REJECTEDCRED, whatever the request holds.
 */
/*ARGSUSED*/
enum auth_stat
_svcauth_short(
	struct svc_req *rqst,
	struct rpc_msg *msg )
{
	/* Neither argument is examined. */
	(void) rqst;
	(void) msg;

	return AUTH_REJECTEDCRED;
}
---|