lib/libc/rpc/svc_auth.c

   1 /*      $NetBSD: svc_auth.c,v 1.15 2003/09/09 03:56:40 itojun Exp $     */
   2
   3 /*
   4  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   5  * unrestricted use provided that this legend is included on all tape
   6  * media and as a part of the software program in whole or part.  Users
   7  * may copy or modify Sun RPC without charge, but are not authorized
   8  * to license or distribute it to anyone else except as part of a product or
   9  * program developed by the user.
  10  *
  11  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  12  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  13  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  14  *
  15  * Sun RPC is provided with no support and without any obligation on the
  16  * part of Sun Microsystems, Inc. to assist in its use, correction,
  17  * modification or enhancement.
  18  *
  19  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  20  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  21  * OR ANY PART THEREOF.
  22  *
  23  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  24  * or profits or other special, indirect and consequential damages, even if
  25  * Sun has been advised of the possibility of such damages.
  26  *
  27  * Sun Microsystems, Inc.
  28  * 2550 Garcia Avenue
  29  * Mountain View, California  94043
  30  */
  31 /*
  32  * Copyright (c) 1986-1991 by Sun Microsystems Inc.
  33  */
  34
  35 /* #ident       "@(#)svc_auth.c 1.16    94/04/24 SMI" */
  36
  37 #include <sys/cdefs.h>
  38 #if defined(LIBC_SCCS) && !defined(lint)
  39 #if 0
  40 static char sccsid[] = "@(#)svc_auth.c 1.26 89/02/07 Copyr 1984 Sun Micro";
  41 #else
  42 __RCSID("$NetBSD: svc_auth.c,v 1.15 2003/09/09 03:56:40 itojun Exp $");
  43 #endif
  44 #endif
  45
  46 /*
  47  * svc_auth.c, Server-side rpc authenticator interface.
  48  *
  49  */
  50
  51 #include "namespace.h"
  52 #include "reentrant.h"
  53 #include <sys/types.h>
  54 #include <rpc/rpc.h>
  55 #include <assert.h>
  56 #include <stdlib.h>
  57
  58 #ifdef __weak_alias
  59 __weak_alias(svc_auth_reg,_svc_auth_reg)
  60 #endif
  61
  62 /*
  63  * svcauthsw is the bdevsw of server side authentication.
  64  *
  65  * Server side authenticators are called from authenticate by
  66  * using the client auth struct flavor field to index into svcauthsw.
  67  * The server auth flavors must implement a routine that looks
  68  * like:
  69  *
  70  *      enum auth_stat
  71  *      flavorx_auth(rqst, msg)
  72  *              struct svc_req *rqst;
  73  *              struct rpc_msg *msg;
  74  *
  75  */
  76
  77 /* declarations to allow servers to specify new authentication flavors */
  78 struct authsvc {
  79         int     flavor;
  80         enum    auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
  81         struct  authsvc   *next;
  82 };
  83 static struct authsvc *Auths = NULL;
  84
  85 /*
  86  * The call rpc message, msg has been obtained from the wire.  The msg contains
  87  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
  88  * if the msg is successfully authenticated.  If AUTH_OK then the routine also
  89  * does the following things:
  90  * set rqst->rq_xprt->verf to the appropriate response verifier;
  91  * sets rqst->rq_client_cred to the "cooked" form of the credentials.
  92  *
  93  * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
  94  * its length is set appropriately.
  95  *
  96  * The caller still owns and is responsible for msg->u.cmb.cred and
  97  * msg->u.cmb.verf.  The authentication system retains ownership of
  98  * rqst->rq_client_cred, the cooked credentials.
  99  *
 100  * There is an assumption that any flavour less than AUTH_NULL is
 101  * invalid.
 102  */
 103 enum auth_stat
 104 _authenticate(rqst, msg)
 105         struct svc_req *rqst;
 106         struct rpc_msg *msg;
 107 {
 108         int cred_flavor;
 109         struct authsvc *asp;
 110         enum auth_stat dummy;
 111 #ifdef _REENTRANT
 112         extern mutex_t authsvc_lock;
 113 #endif
 114
 115         _DIAGASSERT(rqst != NULL);
 116         _DIAGASSERT(msg != NULL);
 117
 118 /* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
 119
 120         rqst->rq_cred = msg->rm_call.cb_cred;
 121         rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
 122         rqst->rq_xprt->xp_verf.oa_length = 0;
 123         cred_flavor = rqst->rq_cred.oa_flavor;
 124         switch (cred_flavor) {
 125         case AUTH_NULL:
 126                 dummy = _svcauth_null(rqst, msg);
 127                 return (dummy);
 128         case AUTH_SYS:
 129                 dummy = _svcauth_unix(rqst, msg);
 130                 return (dummy);
 131         case AUTH_SHORT:
 132                 dummy = _svcauth_short(rqst, msg);
 133                 return (dummy);
 134 #if 0
 135         case AUTH_DES:
 136                 dummy = __svcauth_des(rqst, msg);
 137                 return (dummy);
 138 #endif
 139         default:
 140                 break;
 141         }
 142
 143         /* flavor doesn't match any of the builtin types, so try new ones */
 144         mutex_lock(&authsvc_lock);
 145         for (asp = Auths; asp; asp = asp->next) {
 146                 if (asp->flavor == cred_flavor) {
 147                         enum auth_stat as;
 148
 149                         as = (*asp->handler)(rqst, msg);
 150                         mutex_unlock(&authsvc_lock);
 151                         return (as);
 152                 }
 153         }
 154         mutex_unlock(&authsvc_lock);
 155
 156         return (AUTH_REJECTEDCRED);
 157 }
 158
 159 /*ARGSUSED*/
 160 enum auth_stat
 161 _svcauth_null(rqst, msg)
 162         struct svc_req *rqst;
 163         struct rpc_msg *msg;
 164 {
 165         return (AUTH_OK);
 166 }
 167
 168 /*
 169  *  Allow the rpc service to register new authentication types that it is
 170  *  prepared to handle.  When an authentication flavor is registered,
 171  *  the flavor is checked against already registered values.  If not
 172  *  registered, then a new Auths entry is added on the list.
 173  *
 174  *  There is no provision to delete a registration once registered.
 175  *
 176  *  This routine returns:
 177  *       0 if registration successful
 178  *       1 if flavor already registered
 179  *      -1 if can't register (errno set)
 180  */
 181
 182 int
 183 svc_auth_reg(cred_flavor, handler)
 184         int cred_flavor;
 185         enum auth_stat (*handler) __P((struct svc_req *, struct rpc_msg *));
 186 {
 187         struct authsvc *asp;
 188 #ifdef _REENTRANT
 189         extern mutex_t authsvc_lock;
 190 #endif
 191
 192         switch (cred_flavor) {
 193             case AUTH_NULL:
 194             case AUTH_SYS:
 195             case AUTH_SHORT:
 196 #if 0
 197             case AUTH_DES:
 198 #endif
 199                 /* already registered */
 200                 return (1);
 201
 202             default:
 203                 mutex_lock(&authsvc_lock);
 204                 for (asp = Auths; asp; asp = asp->next) {
 205                         if (asp->flavor == cred_flavor) {
 206                                 /* already registered */
 207                                 mutex_unlock(&authsvc_lock);
 208                                 return (1);
 209                         }
 210                 }
 211
 212                 /* this is a new one, so go ahead and register it */
 213                 asp = mem_alloc(sizeof (*asp));
 214                 if (asp == NULL) {
 215                         mutex_unlock(&authsvc_lock);
 216                         return (-1);
 217                 }
 218                 asp->flavor = cred_flavor;
 219                 asp->handler = handler;
 220                 asp->next = Auths;
 221                 Auths = asp;
 222                 mutex_unlock(&authsvc_lock);
 223                 break;
 224         }
 225         return (0);
 226 }