| 1 | /* |
| 2 | * Sun RPC is a product of Sun Microsystems, Inc. and is provided for |
| 3 | * unrestricted use provided that this legend is included on all tape |
| 4 | * media and as a part of the software program in whole or part. Users |
| 5 | * may copy or modify Sun RPC without charge, but are not authorized |
| 6 | * to license or distribute it to anyone else except as part of a product or |
| 7 | * program developed by the user. |
| 8 | * |
| 9 | * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE |
| 10 | * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR |
| 11 | * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. |
| 12 | * |
| 13 | * Sun RPC is provided with no support and without any obligation on the |
| 14 | * part of Sun Microsystems, Inc. to assist in its use, correction, |
| 15 | * modification or enhancement. |
| 16 | * |
| 17 | * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE |
| 18 | * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC |
| 19 | * OR ANY PART THEREOF. |
| 20 | * |
| 21 | * In no event will Sun Microsystems, Inc. be liable for any lost revenue |
| 22 | * or profits or other special, indirect and consequential damages, even if |
| 23 | * Sun has been advised of the possibility of such damages. |
| 24 | * |
| 25 | * Sun Microsystems, Inc. |
| 26 | * 2550 Garcia Avenue |
| 27 | * Mountain View, California 94043 |
| 28 | */ |
| 29 | |
| 30 | #if defined(LIBC_SCCS) && !defined(lint) |
| 31 | /*static char *sccsid = "from: @(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";*/ |
| 32 | /*static char *sccsid = "from: @(#)auth_unix.c 2.2 88/08/01 4.0 RPCSRC";*/ |
| 33 | static char *rcsid = "$Id: auth_unix.c,v 1.4 1993/08/26 00:53:11 jtc Exp $"; |
| 34 | #endif |
| 35 | |
| 36 | /* |
| 37 | * auth_unix.c, Implements UNIX style authentication parameters. |
| 38 | * |
| 39 | * Copyright (C) 1984, Sun Microsystems, Inc. |
| 40 | * |
| 41 | * The system is very weak. The client uses no encryption for it's |
| 42 | * credentials and only sends null verifiers. The server sends backs |
| 43 | * null verifiers or optionally a verifier that suggests a new short hand |
| 44 | * for the credentials. |
| 45 | * |
| 46 | */ |
| 47 | |
| 48 | #include <stdio.h> |
| 49 | #include <stdlib.h> |
| 50 | |
| 51 | #include <rpc/types.h> |
| 52 | #include <rpc/xdr.h> |
| 53 | #include <rpc/auth.h> |
| 54 | #include <rpc/auth_unix.h> |
| 55 | |
| 56 | /* |
| 57 | * Unix authenticator operations vector |
| 58 | */ |
| 59 | static void authunix_nextverf(); |
| 60 | static bool_t authunix_marshal(); |
| 61 | static bool_t authunix_validate(); |
| 62 | static bool_t authunix_refresh(); |
| 63 | static void authunix_destroy(); |
| 64 | |
| 65 | static struct auth_ops auth_unix_ops = { |
| 66 | authunix_nextverf, |
| 67 | authunix_marshal, |
| 68 | authunix_validate, |
| 69 | authunix_refresh, |
| 70 | authunix_destroy |
| 71 | }; |
| 72 | |
| 73 | /* |
| 74 | * This struct is pointed to by the ah_private field of an auth_handle. |
| 75 | */ |
| 76 | struct audata { |
| 77 | struct opaque_auth au_origcred; /* original credentials */ |
| 78 | struct opaque_auth au_shcred; /* short hand cred */ |
| 79 | u_long au_shfaults; /* short hand cache faults */ |
| 80 | char au_marshed[MAX_AUTH_BYTES]; |
| 81 | u_int au_mpos; /* xdr pos at end of marshed */ |
| 82 | }; |
| 83 | #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private) |
| 84 | |
| 85 | static bool_t marshal_new_auth(); |
| 86 | |
| 87 | |
| 88 | /* |
| 89 | * Create a unix style authenticator. |
| 90 | * Returns an auth handle with the given stuff in it. |
| 91 | */ |
| 92 | AUTH * |
| 93 | authunix_create(machname, uid, gid, len, aup_gids) |
| 94 | char *machname; |
| 95 | int uid; |
| 96 | int gid; |
| 97 | register int len; |
| 98 | int *aup_gids; |
| 99 | { |
| 100 | struct authunix_parms aup; |
| 101 | char mymem[MAX_AUTH_BYTES]; |
| 102 | struct timeval now; |
| 103 | XDR xdrs; |
| 104 | register AUTH *auth; |
| 105 | register struct audata *au; |
| 106 | |
| 107 | /* |
| 108 | * Allocate and set up auth handle |
| 109 | */ |
| 110 | auth = (AUTH *)mem_alloc(sizeof(*auth)); |
| 111 | #ifndef KERNEL |
| 112 | if (auth == NULL) { |
| 113 | (void)fprintf(stderr, "authunix_create: out of memory\n"); |
| 114 | return (NULL); |
| 115 | } |
| 116 | #endif |
| 117 | au = (struct audata *)mem_alloc(sizeof(*au)); |
| 118 | #ifndef KERNEL |
| 119 | if (au == NULL) { |
| 120 | (void)fprintf(stderr, "authunix_create: out of memory\n"); |
| 121 | return (NULL); |
| 122 | } |
| 123 | #endif |
| 124 | auth->ah_ops = &auth_unix_ops; |
| 125 | auth->ah_private = (caddr_t)au; |
| 126 | auth->ah_verf = au->au_shcred = _null_auth; |
| 127 | au->au_shfaults = 0; |
| 128 | |
| 129 | /* |
| 130 | * fill in param struct from the given params |
| 131 | */ |
| 132 | (void)gettimeofday(&now, (struct timezone *)0); |
| 133 | aup.aup_time = now.tv_sec; |
| 134 | aup.aup_machname = machname; |
| 135 | aup.aup_uid = uid; |
| 136 | aup.aup_gid = gid; |
| 137 | aup.aup_len = (u_int)len; |
| 138 | aup.aup_gids = aup_gids; |
| 139 | |
| 140 | /* |
| 141 | * Serialize the parameters into origcred |
| 142 | */ |
| 143 | xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE); |
| 144 | if (! xdr_authunix_parms(&xdrs, &aup)) |
| 145 | abort(); |
| 146 | au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs); |
| 147 | au->au_origcred.oa_flavor = AUTH_UNIX; |
| 148 | #ifdef KERNEL |
| 149 | au->au_origcred.oa_base = mem_alloc((u_int) len); |
| 150 | #else |
| 151 | if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) { |
| 152 | (void)fprintf(stderr, "authunix_create: out of memory\n"); |
| 153 | return (NULL); |
| 154 | } |
| 155 | #endif |
| 156 | bcopy(mymem, au->au_origcred.oa_base, (u_int)len); |
| 157 | |
| 158 | /* |
| 159 | * set auth handle to reflect new cred. |
| 160 | */ |
| 161 | auth->ah_cred = au->au_origcred; |
| 162 | marshal_new_auth(auth); |
| 163 | return (auth); |
| 164 | } |
| 165 | |
| 166 | /* |
| 167 | * Returns an auth handle with parameters determined by doing lots of |
| 168 | * syscalls. |
| 169 | */ |
| 170 | AUTH * |
| 171 | authunix_create_default() |
| 172 | { |
| 173 | register int len; |
| 174 | char machname[MAX_MACHINE_NAME + 1]; |
| 175 | register int uid; |
| 176 | register int gid; |
| 177 | int gids[NGRPS]; |
| 178 | |
| 179 | if (gethostname(machname, MAX_MACHINE_NAME) == -1) |
| 180 | abort(); |
| 181 | machname[MAX_MACHINE_NAME] = 0; |
| 182 | uid = geteuid(); |
| 183 | gid = getegid(); |
| 184 | if ((len = getgroups(NGRPS, gids)) < 0) |
| 185 | abort(); |
| 186 | return (authunix_create(machname, uid, gid, len, gids)); |
| 187 | } |
| 188 | |
| 189 | /* |
| 190 | * authunix operations |
| 191 | */ |
| 192 | |
| 193 | static void |
| 194 | authunix_nextverf(auth) |
| 195 | AUTH *auth; |
| 196 | { |
| 197 | /* no action necessary */ |
| 198 | } |
| 199 | |
| 200 | static bool_t |
| 201 | authunix_marshal(auth, xdrs) |
| 202 | AUTH *auth; |
| 203 | XDR *xdrs; |
| 204 | { |
| 205 | register struct audata *au = AUTH_PRIVATE(auth); |
| 206 | |
| 207 | return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos)); |
| 208 | } |
| 209 | |
| 210 | static bool_t |
| 211 | authunix_validate(auth, verf) |
| 212 | register AUTH *auth; |
| 213 | struct opaque_auth verf; |
| 214 | { |
| 215 | register struct audata *au; |
| 216 | XDR xdrs; |
| 217 | |
| 218 | if (verf.oa_flavor == AUTH_SHORT) { |
| 219 | au = AUTH_PRIVATE(auth); |
| 220 | xdrmem_create(&xdrs, verf.oa_base, verf.oa_length, XDR_DECODE); |
| 221 | |
| 222 | if (au->au_shcred.oa_base != NULL) { |
| 223 | mem_free(au->au_shcred.oa_base, |
| 224 | au->au_shcred.oa_length); |
| 225 | au->au_shcred.oa_base = NULL; |
| 226 | } |
| 227 | if (xdr_opaque_auth(&xdrs, &au->au_shcred)) { |
| 228 | auth->ah_cred = au->au_shcred; |
| 229 | } else { |
| 230 | xdrs.x_op = XDR_FREE; |
| 231 | (void)xdr_opaque_auth(&xdrs, &au->au_shcred); |
| 232 | au->au_shcred.oa_base = NULL; |
| 233 | auth->ah_cred = au->au_origcred; |
| 234 | } |
| 235 | marshal_new_auth(auth); |
| 236 | } |
| 237 | return (TRUE); |
| 238 | } |
| 239 | |
| 240 | static bool_t |
| 241 | authunix_refresh(auth) |
| 242 | register AUTH *auth; |
| 243 | { |
| 244 | register struct audata *au = AUTH_PRIVATE(auth); |
| 245 | struct authunix_parms aup; |
| 246 | struct timeval now; |
| 247 | XDR xdrs; |
| 248 | register int stat; |
| 249 | |
| 250 | if (auth->ah_cred.oa_base == au->au_origcred.oa_base) { |
| 251 | /* there is no hope. Punt */ |
| 252 | return (FALSE); |
| 253 | } |
| 254 | au->au_shfaults ++; |
| 255 | |
| 256 | /* first deserialize the creds back into a struct authunix_parms */ |
| 257 | aup.aup_machname = NULL; |
| 258 | aup.aup_gids = (int *)NULL; |
| 259 | xdrmem_create(&xdrs, au->au_origcred.oa_base, |
| 260 | au->au_origcred.oa_length, XDR_DECODE); |
| 261 | stat = xdr_authunix_parms(&xdrs, &aup); |
| 262 | if (! stat) |
| 263 | goto done; |
| 264 | |
| 265 | /* update the time and serialize in place */ |
| 266 | (void)gettimeofday(&now, (struct timezone *)0); |
| 267 | aup.aup_time = now.tv_sec; |
| 268 | xdrs.x_op = XDR_ENCODE; |
| 269 | XDR_SETPOS(&xdrs, 0); |
| 270 | stat = xdr_authunix_parms(&xdrs, &aup); |
| 271 | if (! stat) |
| 272 | goto done; |
| 273 | auth->ah_cred = au->au_origcred; |
| 274 | marshal_new_auth(auth); |
| 275 | done: |
| 276 | /* free the struct authunix_parms created by deserializing */ |
| 277 | xdrs.x_op = XDR_FREE; |
| 278 | (void)xdr_authunix_parms(&xdrs, &aup); |
| 279 | XDR_DESTROY(&xdrs); |
| 280 | return (stat); |
| 281 | } |
| 282 | |
| 283 | static void |
| 284 | authunix_destroy(auth) |
| 285 | register AUTH *auth; |
| 286 | { |
| 287 | register struct audata *au = AUTH_PRIVATE(auth); |
| 288 | |
| 289 | mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length); |
| 290 | |
| 291 | if (au->au_shcred.oa_base != NULL) |
| 292 | mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length); |
| 293 | |
| 294 | mem_free(auth->ah_private, sizeof(struct audata)); |
| 295 | |
| 296 | if (auth->ah_verf.oa_base != NULL) |
| 297 | mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length); |
| 298 | |
| 299 | mem_free((caddr_t)auth, sizeof(*auth)); |
| 300 | } |
| 301 | |
| 302 | /* |
| 303 | * Marshals (pre-serializes) an auth struct. |
| 304 | * sets private data, au_marshed and au_mpos |
| 305 | */ |
| 306 | static bool_t |
| 307 | marshal_new_auth(auth) |
| 308 | register AUTH *auth; |
| 309 | { |
| 310 | XDR xdr_stream; |
| 311 | register XDR *xdrs = &xdr_stream; |
| 312 | register struct audata *au = AUTH_PRIVATE(auth); |
| 313 | |
| 314 | xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE); |
| 315 | if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) || |
| 316 | (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) { |
| 317 | perror("auth_none.c - Fatal marshalling problem"); |
| 318 | } else { |
| 319 | au->au_mpos = XDR_GETPOS(xdrs); |
| 320 | } |
| 321 | XDR_DESTROY(xdrs); |
| 322 | } |