xref: /illumos-gate/usr/src/lib/libnsl/rpc/svc_auth_loopb.c (revision 581cede61ac9c14d8d4ea452562a567189eead78)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 
23 /*
24  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  */
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 /*
31  * Handles the loopback UNIX flavor authentication parameters on the
32  * service side of rpc.
33  */
34 
35 #include "mt.h"
36 #include <stdio.h>
37 #include <rpc/rpc.h>
38 #include <syslog.h>
39 #include <sys/types.h>
40 
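/*
 * Loopback system (Unix) longhand authenticator
 *
 * Decodes the loopback-flavor credential carried in msg->rm_call.cb_cred
 * into the authsys_parms structure that lives in rqst->rq_clntcred, then
 * sets the reply verifier on rqst->rq_xprt to AUTH_NULL with length 0.
 *
 * Returns AUTH_OK when the credential decodes cleanly.  Returns
 * AUTH_BADCRED when the credential is empty, when the machine name or
 * group list exceeds MAX_MACHINE_NAME / NGRPS_LOOPBACK, when the encoded
 * fields do not fit inside the declared credential length, or when the
 * xdr_authloopback_parms() fallback fails.
 *
 * This routine only parses the fields: aup_uid, aup_gid and aup_gids are
 * stored exactly as they appear in the message.
 * NOTE(review): any check that these values really describe the sender
 * is not visible here - confirm where the caller or transport does it.
 * NOTE(review): assumes rq_clntcred points at storage at least
 * sizeof (struct area) bytes long - confirm against the dispatcher.
 */
enum auth_stat
__svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg)
{
	enum auth_stat stat;
	XDR xdrs;
	struct authsys_parms *aup;
	rpc_inline_t *buf;
	struct area {
		struct authsys_parms area_aup;
		char area_machname[MAX_MACHINE_NAME+1];
		gid_t area_gids[NGRPS_LOOPBACK];
	} *area;
	size_t auth_len;
	size_t name_len;
	size_t str_len = 0, gid_len = 0;
	size_t i;

	/* LINTED pointer cast */
	area = (struct area *)rqst->rq_clntcred;
	aup = &area->area_aup;
	/* Point the variable-length members at the fixed buffers in area. */
	aup->aup_machname = area->area_machname;
	aup->aup_gids = area->area_gids;
	auth_len = (size_t)msg->rm_call.cb_cred.oa_length;
	if (auth_len == 0)
		return (AUTH_BADCRED);
	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,
	    XDR_DECODE);
	buf = XDR_INLINE(&xdrs, auth_len);
	if (buf != NULL) {
		/*
		 * five is the smallest unix credentials structure -
		 * timestamp, hostname len (0), uid, gid, and gids len (0).
		 * Every length below is checked against auth_len BEFORE the
		 * matching bytes are read, so a short or lying credential
		 * cannot make the decoder read past the credential body.
		 */
		if (auth_len < 5 * BYTES_PER_XDR_UNIT)
			goto badlen;
		aup->aup_time = IXDR_GET_INT32(buf);
		name_len = IXDR_GET_U_INT32(buf);
		if (name_len > MAX_MACHINE_NAME) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* The name occupies a whole number of XDR units on the wire. */
		str_len = RNDUP(name_len);
		if (5 * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		(void) memcpy(aup->aup_machname, buf, name_len);
		/* area_machname has MAX_MACHINE_NAME+1 bytes, so this fits. */
		aup->aup_machname[name_len] = 0;
		buf += str_len / sizeof (int);
		aup->aup_uid = IXDR_GET_INT32(buf);
		aup->aup_gid = IXDR_GET_INT32(buf);
		gid_len = IXDR_GET_U_INT32(buf);
		if (gid_len > NGRPS_LOOPBACK) {
			stat = AUTH_BADCRED;
			goto done;
		}
		/* gid_len is bounded above, so this sum cannot overflow. */
		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
			goto badlen;
		aup->aup_len = gid_len;
		for (i = 0; i < gid_len; i++) {
			aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf);
		}
	} else if (!xdr_authloopback_parms(&xdrs, aup)) {
		/*
		 * NOTE(review): aup_machname and aup_gids point into the
		 * credential area rather than separately allocated memory;
		 * confirm that running xdr_authloopback_parms() in XDR_FREE
		 * mode is safe for such pointers.
		 */
		xdrs.x_op = XDR_FREE;
		(void) xdr_authloopback_parms(&xdrs, aup);
		stat = AUTH_BADCRED;
		goto done;
	}
	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
	rqst->rq_xprt->xp_verf.oa_length = 0;
	stat = AUTH_OK;
	goto done;
badlen:
	/* Casts keep the arguments in step with the %lu conversions. */
	(void) syslog(LOG_ERR,
	    "bad auth_len gid %lu str %lu auth %lu",
	    (unsigned long)gid_len, (unsigned long)str_len,
	    (unsigned long)auth_len);
	stat = AUTH_BADCRED;
done:
	XDR_DESTROY(&xdrs);
	return (stat);
}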
117