| 1 | /* |
| 2 | * Sun RPC is a product of Sun Microsystems, Inc. and is provided for |
| 3 | * unrestricted use provided that this legend is included on all tape |
| 4 | * media and as a part of the software program in whole or part. Users |
| 5 | * may copy or modify Sun RPC without charge, but are not authorized |
| 6 | * to license or distribute it to anyone else except as part of a product or |
| 7 | * program developed by the user. |
| 8 | * |
| 9 | * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE |
| 10 | * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR |
| 11 | * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. |
| 12 | * |
| 13 | * Sun RPC is provided with no support and without any obligation on the |
| 14 | * part of Sun Microsystems, Inc. to assist in its use, correction, |
| 15 | * modification or enhancement. |
| 16 | * |
| 17 | * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE |
| 18 | * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC |
| 19 | * OR ANY PART THEREOF. |
| 20 | * |
| 21 | * In no event will Sun Microsystems, Inc. be liable for any lost revenue |
| 22 | * or profits or other special, indirect and consequential damages, even if |
| 23 | * Sun has been advised of the possibility of such damages. |
| 24 | * |
| 25 | * Sun Microsystems, Inc. |
| 26 | * 2550 Garcia Avenue |
| 27 | * Mountain View, California 94043 |
| 28 | * |
| 29 | * @(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro |
| 30 | * @(#)auth_unix.c 2.2 88/08/01 4.0 RPCSRC |
| 31 | * $NetBSD: auth_unix.c,v 1.18 2000/07/06 03:03:30 christos Exp $ |
| 32 | * $FreeBSD: src/lib/libc/rpc/auth_unix.c,v 1.18 2007/06/14 20:07:35 harti Exp $ |
| 33 | * $DragonFly: src/lib/libc/rpc/auth_unix.c,v 1.4 2005/11/13 12:27:04 swildner Exp $ |
| 34 | */ |
| 35 | |
| 36 | /* |
| 37 | * auth_unix.c, Implements UNIX style authentication parameters. |
| 38 | * |
| 39 | * Copyright (C) 1984, Sun Microsystems, Inc. |
| 40 | * |
| 41 | * The system is very weak. The client uses no encryption for it's |
| 42 | * credentials and only sends null verifiers. The server sends backs |
| 43 | * null verifiers or optionally a verifier that suggests a new short hand |
| 44 | * for the credentials. |
| 45 | * |
| 46 | */ |
| 47 | |
| 48 | #include "namespace.h" |
| 49 | #include "reentrant.h" |
| 50 | #include <sys/param.h> |
| 51 | |
| 52 | #include <assert.h> |
| 53 | #include <err.h> |
| 54 | #include <stdio.h> |
| 55 | #include <stdlib.h> |
| 56 | #include <unistd.h> |
| 57 | #include <string.h> |
| 58 | |
| 59 | #include <rpc/types.h> |
| 60 | #include <rpc/xdr.h> |
| 61 | #include <rpc/auth.h> |
| 62 | #include <rpc/auth_unix.h> |
| 63 | #include "un-namespace.h" |
| 64 | #include "mt_misc.h" |
| 65 | |
| 66 | /* auth_unix.c */ |
| 67 | static void authunix_destroy(AUTH *); |
| 68 | static bool_t authunix_marshal(AUTH *, XDR *); |
| 69 | static void authunix_nextverf(AUTH *); |
| 70 | static struct auth_ops *authunix_ops(void); |
| 71 | static bool_t authunix_refresh(AUTH *, void *); |
| 72 | static bool_t authunix_validate(AUTH *, struct opaque_auth *); |
| 73 | static void marshal_new_auth(AUTH *); |
| 74 | |
| 75 | /* |
| 76 | * This struct is pointed to by the ah_private field of an auth_handle. |
| 77 | */ |
| 78 | struct audata { |
| 79 | struct opaque_auth au_origcred; /* original credentials */ |
| 80 | struct opaque_auth au_shcred; /* short hand cred */ |
| 81 | u_long au_shfaults; /* short hand cache faults */ |
| 82 | char au_marshed[MAX_AUTH_BYTES]; |
| 83 | u_int au_mpos; /* xdr pos at end of marshed */ |
| 84 | }; |
| 85 | #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private) |
| 86 | |
| 87 | /* |
| 88 | * Create a unix style authenticator. |
| 89 | * Returns an auth handle with the given stuff in it. |
| 90 | */ |
| 91 | AUTH * |
| 92 | authunix_create(char *machname, int uid, int gid, int len, int *aup_gids) |
| 93 | { |
| 94 | struct authunix_parms aup; |
| 95 | char mymem[MAX_AUTH_BYTES]; |
| 96 | struct timeval now; |
| 97 | XDR xdrs; |
| 98 | AUTH *auth; |
| 99 | struct audata *au; |
| 100 | |
| 101 | /* |
| 102 | * Allocate and set up auth handle |
| 103 | */ |
| 104 | au = NULL; |
| 105 | auth = mem_alloc(sizeof(*auth)); |
| 106 | #ifndef _KERNEL |
| 107 | if (auth == NULL) { |
| 108 | warnx("authunix_create: out of memory"); |
| 109 | goto cleanup_authunix_create; |
| 110 | } |
| 111 | #endif |
| 112 | au = mem_alloc(sizeof(*au)); |
| 113 | #ifndef _KERNEL |
| 114 | if (au == NULL) { |
| 115 | warnx("authunix_create: out of memory"); |
| 116 | goto cleanup_authunix_create; |
| 117 | } |
| 118 | #endif |
| 119 | auth->ah_ops = authunix_ops(); |
| 120 | auth->ah_private = (caddr_t)au; |
| 121 | auth->ah_verf = au->au_shcred = _null_auth; |
| 122 | au->au_shfaults = 0; |
| 123 | au->au_origcred.oa_base = NULL; |
| 124 | |
| 125 | /* |
| 126 | * fill in param struct from the given params |
| 127 | */ |
| 128 | gettimeofday(&now, NULL); |
| 129 | aup.aup_time = now.tv_sec; |
| 130 | aup.aup_machname = machname; |
| 131 | aup.aup_uid = uid; |
| 132 | aup.aup_gid = gid; |
| 133 | aup.aup_len = (u_int)len; |
| 134 | aup.aup_gids = aup_gids; |
| 135 | |
| 136 | /* |
| 137 | * Serialize the parameters into origcred |
| 138 | */ |
| 139 | xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE); |
| 140 | if (! xdr_authunix_parms(&xdrs, &aup)) |
| 141 | abort(); |
| 142 | au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs); |
| 143 | au->au_origcred.oa_flavor = AUTH_UNIX; |
| 144 | #ifdef _KERNEL |
| 145 | au->au_origcred.oa_base = mem_alloc((u_int) len); |
| 146 | #else |
| 147 | if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) { |
| 148 | warnx("authunix_create: out of memory"); |
| 149 | goto cleanup_authunix_create; |
| 150 | } |
| 151 | #endif |
| 152 | memmove(au->au_origcred.oa_base, mymem, (size_t)len); |
| 153 | |
| 154 | /* |
| 155 | * set auth handle to reflect new cred. |
| 156 | */ |
| 157 | auth->ah_cred = au->au_origcred; |
| 158 | marshal_new_auth(auth); |
| 159 | return (auth); |
| 160 | #ifndef _KERNEL |
| 161 | cleanup_authunix_create: |
| 162 | if (auth) |
| 163 | mem_free(auth, sizeof(*auth)); |
| 164 | if (au) { |
| 165 | if (au->au_origcred.oa_base) |
| 166 | mem_free(au->au_origcred.oa_base, (u_int)len); |
| 167 | mem_free(au, sizeof(*au)); |
| 168 | } |
| 169 | return (NULL); |
| 170 | #endif |
| 171 | } |
| 172 | |
| 173 | /* |
| 174 | * Returns an auth handle with parameters determined by doing lots of |
| 175 | * syscalls. |
| 176 | */ |
| 177 | AUTH * |
| 178 | authunix_create_default(void) |
| 179 | { |
| 180 | int len; |
| 181 | char machname[MAXHOSTNAMELEN + 1]; |
| 182 | uid_t uid; |
| 183 | gid_t gid; |
| 184 | gid_t gids[NGROUPS_MAX]; |
| 185 | |
| 186 | if (gethostname(machname, sizeof machname) == -1) |
| 187 | abort(); |
| 188 | machname[sizeof(machname) - 1] = 0; |
| 189 | uid = geteuid(); |
| 190 | gid = getegid(); |
| 191 | if ((len = getgroups(NGROUPS_MAX, gids)) < 0) |
| 192 | abort(); |
| 193 | if (len > NGRPS) |
| 194 | len = NGRPS; |
| 195 | /* XXX: interface problem; those should all have been unsigned */ |
| 196 | return (authunix_create(machname, (int)uid, (int)gid, len, |
| 197 | (int *)gids)); |
| 198 | } |
| 199 | |
| 200 | /* |
| 201 | * authunix operations |
| 202 | */ |
| 203 | |
| 204 | /* ARGSUSED */ |
| 205 | static void |
| 206 | authunix_nextverf(AUTH *auth) |
| 207 | { |
| 208 | /* no action necessary */ |
| 209 | } |
| 210 | |
| 211 | static bool_t |
| 212 | authunix_marshal(AUTH *auth, XDR *xdrs) |
| 213 | { |
| 214 | struct audata *au; |
| 215 | |
| 216 | assert(auth != NULL); |
| 217 | assert(xdrs != NULL); |
| 218 | |
| 219 | au = AUTH_PRIVATE(auth); |
| 220 | return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos)); |
| 221 | } |
| 222 | |
| 223 | static bool_t |
| 224 | authunix_validate(AUTH *auth, struct opaque_auth *verf) |
| 225 | { |
| 226 | struct audata *au; |
| 227 | XDR xdrs; |
| 228 | |
| 229 | assert(auth != NULL); |
| 230 | assert(verf != NULL); |
| 231 | |
| 232 | if (verf->oa_flavor == AUTH_SHORT) { |
| 233 | au = AUTH_PRIVATE(auth); |
| 234 | xdrmem_create(&xdrs, verf->oa_base, verf->oa_length, |
| 235 | XDR_DECODE); |
| 236 | |
| 237 | if (au->au_shcred.oa_base != NULL) { |
| 238 | mem_free(au->au_shcred.oa_base, |
| 239 | au->au_shcred.oa_length); |
| 240 | au->au_shcred.oa_base = NULL; |
| 241 | } |
| 242 | if (xdr_opaque_auth(&xdrs, &au->au_shcred)) { |
| 243 | auth->ah_cred = au->au_shcred; |
| 244 | } else { |
| 245 | xdrs.x_op = XDR_FREE; |
| 246 | xdr_opaque_auth(&xdrs, &au->au_shcred); |
| 247 | au->au_shcred.oa_base = NULL; |
| 248 | auth->ah_cred = au->au_origcred; |
| 249 | } |
| 250 | marshal_new_auth(auth); |
| 251 | } |
| 252 | return (TRUE); |
| 253 | } |
| 254 | |
| 255 | static bool_t |
| 256 | authunix_refresh(AUTH *auth, void *dummy) |
| 257 | { |
| 258 | struct audata *au = AUTH_PRIVATE(auth); |
| 259 | struct authunix_parms aup; |
| 260 | struct timeval now; |
| 261 | XDR xdrs; |
| 262 | int stat; |
| 263 | |
| 264 | assert(auth != NULL); |
| 265 | |
| 266 | if (auth->ah_cred.oa_base == au->au_origcred.oa_base) { |
| 267 | /* there is no hope. Punt */ |
| 268 | return (FALSE); |
| 269 | } |
| 270 | au->au_shfaults ++; |
| 271 | |
| 272 | /* first deserialize the creds back into a struct authunix_parms */ |
| 273 | aup.aup_machname = NULL; |
| 274 | aup.aup_gids = NULL; |
| 275 | xdrmem_create(&xdrs, au->au_origcred.oa_base, |
| 276 | au->au_origcred.oa_length, XDR_DECODE); |
| 277 | stat = xdr_authunix_parms(&xdrs, &aup); |
| 278 | if (! stat) |
| 279 | goto done; |
| 280 | |
| 281 | /* update the time and serialize in place */ |
| 282 | gettimeofday(&now, NULL); |
| 283 | aup.aup_time = now.tv_sec; |
| 284 | xdrs.x_op = XDR_ENCODE; |
| 285 | XDR_SETPOS(&xdrs, 0); |
| 286 | stat = xdr_authunix_parms(&xdrs, &aup); |
| 287 | if (! stat) |
| 288 | goto done; |
| 289 | auth->ah_cred = au->au_origcred; |
| 290 | marshal_new_auth(auth); |
| 291 | done: |
| 292 | /* free the struct authunix_parms created by deserializing */ |
| 293 | xdrs.x_op = XDR_FREE; |
| 294 | xdr_authunix_parms(&xdrs, &aup); |
| 295 | XDR_DESTROY(&xdrs); |
| 296 | return (stat); |
| 297 | } |
| 298 | |
| 299 | static void |
| 300 | authunix_destroy(AUTH *auth) |
| 301 | { |
| 302 | struct audata *au; |
| 303 | |
| 304 | assert(auth != NULL); |
| 305 | |
| 306 | au = AUTH_PRIVATE(auth); |
| 307 | mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length); |
| 308 | |
| 309 | if (au->au_shcred.oa_base != NULL) |
| 310 | mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length); |
| 311 | |
| 312 | mem_free(auth->ah_private, sizeof(struct audata)); |
| 313 | |
| 314 | if (auth->ah_verf.oa_base != NULL) |
| 315 | mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length); |
| 316 | |
| 317 | mem_free(auth, sizeof(*auth)); |
| 318 | } |
| 319 | |
| 320 | /* |
| 321 | * Marshals (pre-serializes) an auth struct. |
| 322 | * sets private data, au_marshed and au_mpos |
| 323 | */ |
| 324 | static void |
| 325 | marshal_new_auth(AUTH *auth) |
| 326 | { |
| 327 | XDR xdr_stream; |
| 328 | XDR *xdrs = &xdr_stream; |
| 329 | struct audata *au; |
| 330 | |
| 331 | assert(auth != NULL); |
| 332 | |
| 333 | au = AUTH_PRIVATE(auth); |
| 334 | xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE); |
| 335 | if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) || |
| 336 | (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) |
| 337 | warnx("auth_none.c - Fatal marshalling problem"); |
| 338 | else |
| 339 | au->au_mpos = XDR_GETPOS(xdrs); |
| 340 | XDR_DESTROY(xdrs); |
| 341 | } |
| 342 | |
| 343 | static struct auth_ops * |
| 344 | authunix_ops(void) |
| 345 | { |
| 346 | static struct auth_ops ops; |
| 347 | |
| 348 | /* VARIABLES PROTECTED BY ops_lock: ops */ |
| 349 | |
| 350 | mutex_lock(&ops_lock); |
| 351 | if (ops.ah_nextverf == NULL) { |
| 352 | ops.ah_nextverf = authunix_nextverf; |
| 353 | ops.ah_marshal = authunix_marshal; |
| 354 | ops.ah_validate = authunix_validate; |
| 355 | ops.ah_refresh = authunix_refresh; |
| 356 | ops.ah_destroy = authunix_destroy; |
| 357 | } |
| 358 | mutex_unlock(&ops_lock); |
| 359 | return (&ops); |
| 360 | } |