auth_unix.c revision 1.7
1 /* $NetBSD: auth_unix.c,v 1.7 1998/02/10 04:54:24 lukem Exp $ */ 2 3 /* 4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 5 * unrestricted use provided that this legend is included on all tape 6 * media and as a part of the software program in whole or part. Users 7 * may copy or modify Sun RPC without charge, but are not authorized 8 * to license or distribute it to anyone else except as part of a product or 9 * program developed by the user. 10 * 11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 14 * 15 * Sun RPC is provided with no support and without any obligation on the 16 * part of Sun Microsystems, Inc. to assist in its use, correction, 17 * modification or enhancement. 18 * 19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 21 * OR ANY PART THEREOF. 22 * 23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 24 * or profits or other special, indirect and consequential damages, even if 25 * Sun has been advised of the possibility of such damages. 26 * 27 * Sun Microsystems, Inc. 28 * 2550 Garcia Avenue 29 * Mountain View, California 94043 30 */ 31 32 #include <sys/cdefs.h> 33 #if defined(LIBC_SCCS) && !defined(lint) 34 #if 0 35 static char *sccsid = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro"; 36 static char *sccsid = "@(#)auth_unix.c 2.2 88/08/01 4.0 RPCSRC"; 37 #else 38 __RCSID("$NetBSD: auth_unix.c,v 1.7 1998/02/10 04:54:24 lukem Exp $"); 39 #endif 40 #endif 41 42 /* 43 * auth_unix.c, Implements UNIX style authentication parameters. 44 * 45 * Copyright (C) 1984, Sun Microsystems, Inc. 46 * 47 * The system is very weak. The client uses no encryption for it's 48 * credentials and only sends null verifiers. The server sends backs 49 * null verifiers or optionally a verifier that suggests a new shorthand 50 * for the credentials. 51 * 52 */ 53 54 #include "namespace.h" 55 56 #include <err.h> 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #include <unistd.h> 61 62 #include <rpc/types.h> 63 #include <rpc/xdr.h> 64 #include <rpc/auth.h> 65 #include <rpc/auth_unix.h> 66 67 #ifdef __weak_alias 68 __weak_alias(authunix_create,_authunix_create); 69 __weak_alias(authunix_create_default,_authunix_create_default); 70 #endif 71 72 73 /* auth_unix.c */ 74 static void authunix_nextverf __P((AUTH *)); 75 static bool_t authunix_marshal __P((AUTH *, XDR *)); 76 static bool_t authunix_validate __P((AUTH *, struct opaque_auth *)); 77 static bool_t authunix_refresh __P((AUTH *)); 78 static void authunix_destroy __P((AUTH *)); 79 static void marshal_new_auth __P((AUTH *)); 80 81 /* 82 * Unix authenticator operations vector 83 */ 84 static struct auth_ops auth_unix_ops = { 85 authunix_nextverf, 86 authunix_marshal, 87 authunix_validate, 88 authunix_refresh, 89 authunix_destroy 90 }; 91 92 /* 93 * This struct is pointed to by the ah_private field of an auth_handle. 94 */ 95 struct audata { 96 struct opaque_auth au_origcred; /* original credentials */ 97 struct opaque_auth au_shcred; /* shorthand cred */ 98 u_int32_t au_shfaults; /* shorthand cache faults */ 99 char au_marshed[MAX_AUTH_BYTES]; 100 size_t au_mpos; /* xdr pos at end of marshed */ 101 }; 102 #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private) 103 104 /* 105 * Create a unix style authenticator. 106 * Returns an auth handle with the given stuff in it. 107 */ 108 AUTH * 109 authunix_create(machname, uid, gid, len, aup_gids) 110 const char *machname; 111 const uid_t uid; 112 const uid_t gid; 113 const size_t len; 114 const gid_t *aup_gids; 115 { 116 struct authunix_parms aup; 117 char mymem[MAX_AUTH_BYTES]; 118 struct timeval now; 119 XDR xdrs; 120 AUTH *auth; 121 struct audata *au; 122 size_t nlen; 123 124 /* 125 * Allocate and set up auth handle 126 */ 127 auth = (AUTH *)mem_alloc(sizeof(*auth)); 128 #ifndef KERNEL 129 if (auth == NULL) { 130 warnx("authunix_create: out of memory"); 131 return (NULL); 132 } 133 #endif 134 au = (struct audata *)mem_alloc(sizeof(*au)); 135 #ifndef KERNEL 136 if (au == NULL) { 137 warnx("authunix_create: out of memory"); 138 return (NULL); 139 } 140 #endif 141 auth->ah_ops = &auth_unix_ops; 142 auth->ah_private = (caddr_t)au; 143 auth->ah_verf = au->au_shcred = _null_auth; 144 au->au_shfaults = 0; 145 146 /* 147 * fill in param struct from the given params 148 */ 149 (void)gettimeofday(&now, (struct timezone *)0); 150 aup.aup_time = now.tv_sec; 151 aup.aup_machname = (char *)machname; 152 aup.aup_uid = uid; 153 aup.aup_gid = gid; 154 aup.aup_len = len; 155 aup.aup_gids = (gid_t *)aup_gids; 156 157 /* 158 * Serialize the parameters into origcred 159 */ 160 xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE); 161 if (! xdr_authunix_parms(&xdrs, &aup)) 162 abort(); 163 nlen = XDR_GETPOS(&xdrs); 164 au->au_origcred.oa_length = nlen; 165 au->au_origcred.oa_flavor = AUTH_UNIX; 166 #ifdef KERNEL 167 au->au_origcred.oa_base = mem_alloc(nlen); 168 #else 169 if ((au->au_origcred.oa_base = mem_alloc(nlen)) == NULL) { 170 warnx("authunix_create: out of memory"); 171 return (NULL); 172 } 173 #endif 174 memmove(au->au_origcred.oa_base, mymem, nlen); 175 176 /* 177 * set auth handle to reflect new cred. 178 */ 179 auth->ah_cred = au->au_origcred; 180 marshal_new_auth(auth); 181 return (auth); 182 } 183 184 /* 185 * Returns an auth handle with parameters determined by doing lots of 186 * syscalls. 187 */ 188 AUTH * 189 authunix_create_default() 190 { 191 size_t len; 192 char machname[MAX_MACHINE_NAME + 1]; 193 uid_t uid; 194 gid_t gid; 195 gid_t gids[NGRPS]; 196 197 if (gethostname(machname, MAX_MACHINE_NAME) == -1) 198 abort(); 199 machname[MAX_MACHINE_NAME] = 0; 200 uid = geteuid(); 201 gid = getegid(); 202 if ((len = getgroups(NGRPS, gids)) < 0) 203 abort(); 204 return (authunix_create(machname, uid, gid, len, gids)); 205 } 206 207 /* 208 * authunix operations 209 */ 210 211 static void 212 authunix_nextverf(auth) 213 AUTH *auth; 214 { 215 /* no action necessary */ 216 } 217 218 static bool_t 219 authunix_marshal(auth, xdrs) 220 AUTH *auth; 221 XDR *xdrs; 222 { 223 struct audata *au = AUTH_PRIVATE(auth); 224 225 return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos)); 226 } 227 228 static bool_t 229 authunix_validate(auth, verf) 230 AUTH *auth; 231 struct opaque_auth *verf; 232 { 233 struct audata *au; 234 XDR xdrs; 235 236 if (verf->oa_flavor == AUTH_SHORT) { 237 au = AUTH_PRIVATE(auth); 238 xdrmem_create(&xdrs, verf->oa_base, verf->oa_length, 239 XDR_DECODE); 240 241 if (au->au_shcred.oa_base != NULL) { 242 mem_free(au->au_shcred.oa_base, 243 au->au_shcred.oa_length); 244 au->au_shcred.oa_base = NULL; 245 } 246 if (xdr_opaque_auth(&xdrs, &au->au_shcred)) { 247 auth->ah_cred = au->au_shcred; 248 } else { 249 xdrs.x_op = XDR_FREE; 250 (void)xdr_opaque_auth(&xdrs, &au->au_shcred); 251 au->au_shcred.oa_base = NULL; 252 auth->ah_cred = au->au_origcred; 253 } 254 marshal_new_auth(auth); 255 } 256 return (TRUE); 257 } 258 259 static bool_t 260 authunix_refresh(auth) 261 AUTH *auth; 262 { 263 struct audata *au = AUTH_PRIVATE(auth); 264 struct authunix_parms aup; 265 struct timeval now; 266 XDR xdrs; 267 int stat; 268 269 if (auth->ah_cred.oa_base == au->au_origcred.oa_base) { 270 /* there is no hope. Punt */ 271 return (FALSE); 272 } 273 au->au_shfaults ++; 274 275 /* first deserialize the creds back into a struct authunix_parms */ 276 aup.aup_machname = NULL; 277 aup.aup_gids = (gid_t *)NULL; 278 xdrmem_create(&xdrs, au->au_origcred.oa_base, 279 au->au_origcred.oa_length, XDR_DECODE); 280 stat = xdr_authunix_parms(&xdrs, &aup); 281 if (! stat) 282 goto done; 283 284 /* update the time and serialize in place */ 285 (void)gettimeofday(&now, (struct timezone *)0); 286 aup.aup_time = now.tv_sec; 287 xdrs.x_op = XDR_ENCODE; 288 XDR_SETPOS(&xdrs, 0); 289 stat = xdr_authunix_parms(&xdrs, &aup); 290 if (! stat) 291 goto done; 292 auth->ah_cred = au->au_origcred; 293 marshal_new_auth(auth); 294 done: 295 /* free the struct authunix_parms created by deserializing */ 296 xdrs.x_op = XDR_FREE; 297 (void)xdr_authunix_parms(&xdrs, &aup); 298 XDR_DESTROY(&xdrs); 299 return (stat); 300 } 301 302 static void 303 authunix_destroy(auth) 304 AUTH *auth; 305 { 306 struct audata *au = AUTH_PRIVATE(auth); 307 308 mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length); 309 310 if (au->au_shcred.oa_base != NULL) 311 mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length); 312 313 mem_free(auth->ah_private, sizeof(struct audata)); 314 315 if (auth->ah_verf.oa_base != NULL) 316 mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length); 317 318 mem_free(auth, sizeof(*auth)); 319 } 320 321 /* 322 * Marshals (pre-serializes) an auth struct. 323 * sets private data, au_marshed and au_mpos 324 */ 325 static void 326 marshal_new_auth(auth) 327 AUTH *auth; 328 { 329 XDR xdr_stream; 330 XDR *xdrs = &xdr_stream; 331 struct audata *au = AUTH_PRIVATE(auth); 332 333 xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE); 334 if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) || 335 (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) { 336 perror("auth_none.c - Fatal marshalling problem"); 337 } else { 338 au->au_mpos = XDR_GETPOS(xdrs); 339 } 340 XDR_DESTROY(xdrs); 341 } 342
Indexes created Thu Sep 25 06:09:39 GMT 2025