search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
opendir change: refinement
[minix.git] / lib / libc / rpc / auth_unix.c
blob8e3f3ab4e3ce31f95ce934a6bb6787ccab0f6fde
1 /* $NetBSD: auth_unix.c,v 1.23 2012/03/20 17:14:50 matt Exp $ */
2
3 /*
4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5 * unrestricted use provided that this legend is included on all tape
6 * media and as a part of the software program in whole or part. Users
7 * may copy or modify Sun RPC without charge, but are not authorized
8 * to license or distribute it to anyone else except as part of a product or
9 * program developed by the user.
10 *
11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14 *
15 * Sun RPC is provided with no support and without any obligation on the
16 * part of Sun Microsystems, Inc. to assist in its use, correction,
17 * modification or enhancement.
18 *
19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21 * OR ANY PART THEREOF.
22 *
23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24 * or profits or other special, indirect and consequential damages, even if
25 * Sun has been advised of the possibility of such damages.
26 *
27 * Sun Microsystems, Inc.
28 * 2550 Garcia Avenue
29 * Mountain View, California 94043
30 */
31
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 #if 0
35 static char *sccsid = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
36 static char *sccsid = "@(#)auth_unix.c 2.2 88/08/01 4.0 RPCSRC";
37 #else
38 __RCSID("$NetBSD: auth_unix.c,v 1.23 2012/03/20 17:14:50 matt Exp $");
39 #endif
40 #endif
41
42 /*
43 * auth_unix.c, Implements UNIX style authentication parameters.
44 *
45 * Copyright (C) 1984, Sun Microsystems, Inc.
46 *
47 * The system is very weak. The client uses no encryption for it's
48 * credentials and only sends null verifiers. The server sends backs
49 * null verifiers or optionally a verifier that suggests a new short hand
50 * for the credentials.
51 *
52 */
53
54 #include "namespace.h"
55 #include "reentrant.h"
56 #include <sys/param.h>
57
58 #include <assert.h>
59 #include <err.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <string.h>
63 #include <unistd.h>
64
65 #include <rpc/types.h>
66 #include <rpc/xdr.h>
67 #include <rpc/auth.h>
68 #include <rpc/auth_unix.h>
69
70 #ifdef __weak_alias
71 __weak_alias(authunix_create,_authunix_create)
72 __weak_alias(authunix_create_default,_authunix_create_default)
73 #endif
74
75
76 /* auth_unix.c */
77 static void authunix_nextverf(AUTH *);
78 static bool_t authunix_marshal(AUTH *, XDR *);
79 static bool_t authunix_validate(AUTH *, struct opaque_auth *);
80 static bool_t authunix_refresh(AUTH *);
81 static void authunix_destroy(AUTH *);
82 static void marshal_new_auth(AUTH *);
83 static const struct auth_ops *authunix_ops(void);
84
85 /*
86 * This struct is pointed to by the ah_private field of an auth_handle.
87 */
88 struct audata {
89 struct opaque_auth au_origcred; /* original credentials */
90 struct opaque_auth au_shcred; /* short hand cred */
91 u_long au_shfaults; /* short hand cache faults */
92 char au_marshed[MAX_AUTH_BYTES];
93 u_int au_mpos; /* xdr pos at end of marshed */
94 };
95 #define AUTH_PRIVATE(auth) ((struct audata *)auth->ah_private)
96
97 /*
98 * Create a unix style authenticator.
99 * Returns an auth handle with the given stuff in it.
100 */
101 AUTH *
102 authunix_create(char *machname, int uid, int gid, int len, int *aup_gids)
103 {
104 struct authunix_parms aup;
105 char mymem[MAX_AUTH_BYTES];
106 struct timeval now;
107 XDR xdrs;
108 AUTH *auth;
109 struct audata *au;
110
111 /*
112 * Allocate and set up auth handle
113 */
114 au = NULL;
115 auth = mem_alloc(sizeof(*auth));
116 #ifndef KERNEL
117 if (auth == NULL) {
118 warnx("authunix_create: out of memory");
119 goto cleanup_authunix_create;
120 }
121 #endif
122 au = mem_alloc(sizeof(*au));
123 #ifndef KERNEL
124 if (au == NULL) {
125 warnx("authunix_create: out of memory");
126 goto cleanup_authunix_create;
127 }
128 #endif
129 auth->ah_ops = authunix_ops();
130 auth->ah_private = au;
131 auth->ah_verf = au->au_shcred = _null_auth;
132 au->au_shfaults = 0;
133 au->au_origcred.oa_base = NULL;
134
135 /*
136 * fill in param struct from the given params
137 */
138 (void)gettimeofday(&now, NULL);
139 aup.aup_time = (u_long)now.tv_sec; /* XXX: truncate on 32 bit */
140 aup.aup_machname = machname;
141 aup.aup_uid = uid;
142 aup.aup_gid = gid;
143 aup.aup_len = (u_int)len;
144 aup.aup_gids = aup_gids;
145
146 /*
147 * Serialize the parameters into origcred
148 */
149 xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
150 if (! xdr_authunix_parms(&xdrs, &aup))
151 abort();
152 au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
153 au->au_origcred.oa_flavor = AUTH_UNIX;
154 #ifdef KERNEL
155 au->au_origcred.oa_base = mem_alloc((size_t)len);
156 #else
157 if ((au->au_origcred.oa_base = mem_alloc((size_t)len)) == NULL) {
158 warnx("authunix_create: out of memory");
159 goto cleanup_authunix_create;
160 }
161 #endif
162 memmove(au->au_origcred.oa_base, mymem, (size_t)len);
163
164 /*
165 * set auth handle to reflect new cred.
166 */
167 auth->ah_cred = au->au_origcred;
168 marshal_new_auth(auth);
169 return (auth);
170 #ifndef KERNEL
171 cleanup_authunix_create:
172 if (auth)
173 mem_free(auth, sizeof(*auth));
174 if (au) {
175 if (au->au_origcred.oa_base)
176 mem_free(au->au_origcred.oa_base, (u_int)len);
177 mem_free(au, sizeof(*au));
178 }
179 return (NULL);
180 #endif
181 }
182
183 /*
184 * Returns an auth handle with parameters determined by doing lots of
185 * syscalls.
186 */
187 AUTH *
188 authunix_create_default(void)
189 {
190 int len;
191 char machname[MAXHOSTNAMELEN + 1];
192 uid_t uid;
193 gid_t gid;
194 gid_t gids[NGRPS];
195
196 if (gethostname(machname, sizeof machname) == -1)
197 abort();
198 machname[sizeof(machname) - 1] = 0;
199 uid = geteuid();
200 gid = getegid();
201 if ((len = getgroups(NGRPS, gids)) < 0)
202 abort();
203 /* XXX: interface problem; those should all have been unsigned */
204 return (authunix_create(machname, (int)uid, (int)gid, len,
205 (int *)gids));
206 }
207
208 /*
209 * authunix operations
210 */
211
212 /* ARGSUSED */
213 static void
214 authunix_nextverf(AUTH *auth)
215 {
216 /* no action necessary */
217 }
218
219 static bool_t
220 authunix_marshal(AUTH *auth, XDR *xdrs)
221 {
222 struct audata *au;
223
224 _DIAGASSERT(auth != NULL);
225 _DIAGASSERT(xdrs != NULL);
226
227 au = AUTH_PRIVATE(auth);
228 return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos));
229 }
230
231 static bool_t
232 authunix_validate(AUTH *auth, struct opaque_auth *verf)
233 {
234 struct audata *au;
235 XDR xdrs;
236
237 _DIAGASSERT(auth != NULL);
238 _DIAGASSERT(verf != NULL);
239
240 if (verf->oa_flavor == AUTH_SHORT) {
241 au = AUTH_PRIVATE(auth);
242 xdrmem_create(&xdrs, verf->oa_base, verf->oa_length,
243 XDR_DECODE);
244
245 if (au->au_shcred.oa_base != NULL) {
246 mem_free(au->au_shcred.oa_base,
247 au->au_shcred.oa_length);
248 au->au_shcred.oa_base = NULL;
249 }
250 if (xdr_opaque_auth(&xdrs, &au->au_shcred)) {
251 auth->ah_cred = au->au_shcred;
252 } else {
253 xdrs.x_op = XDR_FREE;
254 (void)xdr_opaque_auth(&xdrs, &au->au_shcred);
255 au->au_shcred.oa_base = NULL;
256 auth->ah_cred = au->au_origcred;
257 }
258 marshal_new_auth(auth);
259 }
260 return (TRUE);
261 }
262
263 static bool_t
264 authunix_refresh(AUTH *auth)
265 {
266 struct audata *au = AUTH_PRIVATE(auth);
267 struct authunix_parms aup;
268 struct timeval now;
269 XDR xdrs;
270 int stat;
271
272 _DIAGASSERT(auth != NULL);
273
274 if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
275 /* there is no hope. Punt */
276 return (FALSE);
277 }
278 au->au_shfaults++;
279
280 /* first deserialize the creds back into a struct authunix_parms */
281 aup.aup_machname = NULL;
282 aup.aup_gids = NULL;
283 xdrmem_create(&xdrs, au->au_origcred.oa_base,
284 au->au_origcred.oa_length, XDR_DECODE);
285 stat = xdr_authunix_parms(&xdrs, &aup);
286 if (! stat)
287 goto done;
288
289 /* update the time and serialize in place */
290 (void)gettimeofday(&now, NULL);
291 aup.aup_time = (u_long)now.tv_sec; /* XXX: truncate on 32 bit */
292 xdrs.x_op = XDR_ENCODE;
293 XDR_SETPOS(&xdrs, 0);
294 stat = xdr_authunix_parms(&xdrs, &aup);
295 if (! stat)
296 goto done;
297 auth->ah_cred = au->au_origcred;
298 marshal_new_auth(auth);
299 done:
300 /* free the struct authunix_parms created by deserializing */
301 xdrs.x_op = XDR_FREE;
302 (void)xdr_authunix_parms(&xdrs, &aup);
303 XDR_DESTROY(&xdrs);
304 return (stat);
305 }
306
307 static void
308 authunix_destroy(AUTH *auth)
309 {
310 struct audata *au;
311
312 _DIAGASSERT(auth != NULL);
313
314 au = AUTH_PRIVATE(auth);
315 mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
316
317 if (au->au_shcred.oa_base != NULL)
318 mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length);
319
320 mem_free(auth->ah_private, sizeof(struct audata));
321
322 if (auth->ah_verf.oa_base != NULL)
323 mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
324
325 mem_free(auth, sizeof(*auth));
326 }
327
328 /*
329 * Marshals (pre-serializes) an auth struct.
330 * sets private data, au_marshed and au_mpos
331 */
332 static void
333 marshal_new_auth(AUTH *auth)
334 {
335 XDR xdr_stream;
336 XDR *xdrs = &xdr_stream;
337 struct audata *au;
338
339 _DIAGASSERT(auth != NULL);
340
341 au = AUTH_PRIVATE(auth);
342 xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
343 if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
344 (! xdr_opaque_auth(xdrs, &(auth->ah_verf))))
345 warnx("auth_none.c - Fatal marshalling problem");
346 else
347 au->au_mpos = XDR_GETPOS(xdrs);
348 XDR_DESTROY(xdrs);
349 }
350
351 static const struct auth_ops *
352 authunix_ops(void)
353 {
354 static struct auth_ops ops;
355 #ifdef _REENTRANT
356 extern mutex_t ops_lock;
357 #endif
358
359 /* VARIABLES PROTECTED BY ops_lock: ops */
360
361 mutex_lock(&ops_lock);
362 if (ops.ah_nextverf == NULL) {
363 ops.ah_nextverf = authunix_nextverf;
364 ops.ah_marshal = authunix_marshal;
365 ops.ah_validate = authunix_validate;
366 ops.ah_refresh = authunix_refresh;
367 ops.ah_destroy = authunix_destroy;
368 }
369 mutex_unlock(&ops_lock);
370 return (&ops);
371 }
MINIX 3 (repo.or.cz mirror)