usr/src/lib/libc/port/nsl/svc_auth_loopb.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22
  23 /*
  24  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  25  * Copyright 2017 Joyent Inc
  26  * Use is subject to license terms.
  27  */
  28
  29 /*
  30  * Handles the loopback UNIX flavor authentication parameters on the
  31  * service side of rpc.
  32  */
  33
  34 #include "mt.h"
  35 #include <stdio.h>
  36 #include <rpc/rpc.h>
  37 #include <syslog.h>
  38 #include <sys/types.h>
  39 #include <sys/debug.h>
  40
  41 /*
  42  * NOTE: this has to fit inside RQCRED_SIZE bytes. If you update this struct,
  43  * double-check it still fits.
  44  */
  45 struct authlpbk_area {
  46         struct authsys_parms area_aup;
  47         char area_machname[MAX_MACHINE_NAME+1];
  48         gid_t area_gids[NGRPS_LOOPBACK];
  49 };
  50 CTASSERT(sizeof (struct authlpbk_area) <= RQCRED_SIZE);
  51
  52 /*
  53  * Loopback system (Unix) longhand authenticator
  54  */
  55 enum auth_stat
  56 __svcauth_loopback(struct svc_req *rqst, struct rpc_msg *msg)
  57 {
  58         struct authsys_parms *aup;
  59         int32_t *buf;
  60         struct authlpbk_area *area;
  61         uint_t auth_len;
  62         uint_t str_len, gid_len;
  63         int i;
  64
  65         /* LINTED pointer cast */
  66         area = (struct authlpbk_area *)rqst->rq_clntcred;
  67         aup = &area->area_aup;
  68         aup->aup_machname = area->area_machname;
  69         aup->aup_gids = area->area_gids;
  70         auth_len = msg->rm_call.cb_cred.oa_length;
  71         if (auth_len == 0)
  72                 return (AUTH_BADCRED);
  73
  74         /* LINTED pointer cast */
  75         buf = (int32_t *)msg->rm_call.cb_cred.oa_base;
  76
  77         aup->aup_time = IXDR_GET_INT32(buf);
  78         str_len = IXDR_GET_U_INT32(buf);
  79         if (str_len > MAX_MACHINE_NAME)
  80                 return (AUTH_BADCRED);
  81         if (str_len > auth_len)
  82                 return (AUTH_BADCRED);
  83         (void) memcpy(aup->aup_machname, buf, str_len);
  84         aup->aup_machname[str_len] = 0;
  85         str_len = RNDUP(str_len);
  86         buf += str_len / sizeof (int);
  87         aup->aup_uid = IXDR_GET_INT32(buf);
  88         aup->aup_gid = IXDR_GET_INT32(buf);
  89         gid_len = IXDR_GET_U_INT32(buf);
  90         if (gid_len > NGRPS_LOOPBACK)
  91                 return (AUTH_BADCRED);
  92         /*
  93          * five is the smallest unix credentials structure -
  94          * timestamp, hostname len (0), uid, gid, and gids len (0).
  95          */
  96         if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len)
  97                 return (AUTH_BADCRED);
  98
  99         aup->aup_len = gid_len;
 100         for (i = 0; i < gid_len; i++) {
 101                 aup->aup_gids[i] = (gid_t)IXDR_GET_INT32(buf);
 102         }
 103
 104         rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
 105         rqst->rq_xprt->xp_verf.oa_length = 0;
 106
 107         return (AUTH_OK);
 108 }