svc_auth.c revision 181344 
1/*	$NetBSD: svc_auth.c,v 1.12 2000/07/06 03:10:35 christos Exp $	*/
2
3/*
4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5 * unrestricted use provided that this legend is included on all tape
6 * media and as a part of the software program in whole or part.  Users
7 * may copy or modify Sun RPC without charge, but are not authorized
8 * to license or distribute it to anyone else except as part of a product or
9 * program developed by the user.
10 *
11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14 *
15 * Sun RPC is provided with no support and without any obligation on the
16 * part of Sun Microsystems, Inc. to assist in its use, correction,
17 * modification or enhancement.
18 *
19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21 * OR ANY PART THEREOF.
22 *
23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24 * or profits or other special, indirect and consequential damages, even if
25 * Sun has been advised of the possibility of such damages.
26 *
27 * Sun Microsystems, Inc.
28 * 2550 Garcia Avenue
29 * Mountain View, California  94043
30 */
31/*
32 * Copyright (c) 1986-1991 by Sun Microsystems Inc.
33 */
34
35#if defined(LIBC_SCCS) && !defined(lint)
36#ident	"@(#)svc_auth.c	1.16	94/04/24 SMI"
37static char sccsid[] = "@(#)svc_auth.c 1.26 89/02/07 Copyr 1984 Sun Micro";
38#endif
39#include <sys/cdefs.h>
40__FBSDID("$FreeBSD: head/lib/libc/rpc/svc_auth.c 181344 2008-08-06 14:02:05Z dfr $");
41
42/*
43 * svc_auth.c, Server-side rpc authenticator interface.
44 *
45 */
46
47#include "namespace.h"
48#include "reentrant.h"
49#include <sys/types.h>
50#include <rpc/rpc.h>
51#include <stdlib.h>
52#include "un-namespace.h"
53#include "mt_misc.h"
54
55/*
56 * svcauthsw is the bdevsw of server side authentication.
57 *
58 * Server side authenticators are called from authenticate by
59 * using the client auth struct flavor field to index into svcauthsw.
60 * The server auth flavors must implement a routine that looks
61 * like:
62 *
63 *	enum auth_stat
64 *	flavorx_auth(rqst, msg)
65 *		struct svc_req *rqst;
66 *		struct rpc_msg *msg;
67 *
68 */
69
70/* declarations to allow servers to specify new authentication flavors */
71struct authsvc {
72	int	flavor;
73	enum	auth_stat (*handler)(struct svc_req *, struct rpc_msg *);
74	struct	authsvc	  *next;
75};
76static struct authsvc *Auths = NULL;
77
78static struct svc_auth_ops svc_auth_null_ops;
79
80/*
81 * The call rpc message, msg has been obtained from the wire.  The msg contains
82 * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
83 * if the msg is successfully authenticated.  If AUTH_OK then the routine also
84 * does the following things:
85 * set rqst->rq_xprt->verf to the appropriate response verifier;
86 * sets rqst->rq_client_cred to the "cooked" form of the credentials.
87 *
88 * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
89 * its length is set appropriately.
90 *
91 * The caller still owns and is responsible for msg->u.cmb.cred and
92 * msg->u.cmb.verf.  The authentication system retains ownership of
93 * rqst->rq_client_cred, the cooked credentials.
94 *
95 * There is an assumption that any flavour less than AUTH_NULL is
96 * invalid.
97 */
98enum auth_stat
99_authenticate(rqst, msg)
100	struct svc_req *rqst;
101	struct rpc_msg *msg;
102{
103	int cred_flavor;
104	struct authsvc *asp;
105	enum auth_stat dummy;
106
107/* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
108
109	rqst->rq_cred = msg->rm_call.cb_cred;
110	SVC_AUTH(rqst->rq_xprt).svc_ah_ops = &svc_auth_null_ops;
111	SVC_AUTH(rqst->rq_xprt).svc_ah_private = NULL;
112	rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
113	rqst->rq_xprt->xp_verf.oa_length = 0;
114	cred_flavor = rqst->rq_cred.oa_flavor;
115	switch (cred_flavor) {
116	case AUTH_NULL:
117		dummy = _svcauth_null(rqst, msg);
118		return (dummy);
119	case AUTH_SYS:
120		dummy = _svcauth_unix(rqst, msg);
121		return (dummy);
122	case AUTH_SHORT:
123		dummy = _svcauth_short(rqst, msg);
124		return (dummy);
125#ifdef DES_BUILTIN
126	case AUTH_DES:
127		dummy = _svcauth_des(rqst, msg);
128		return (dummy);
129#endif
130	default:
131		break;
132	}
133
134	/* flavor doesn't match any of the builtin types, so try new ones */
135	mutex_lock(&authsvc_lock);
136	for (asp = Auths; asp; asp = asp->next) {
137		if (asp->flavor == cred_flavor) {
138			enum auth_stat as;
139
140			as = (*asp->handler)(rqst, msg);
141			mutex_unlock(&authsvc_lock);
142			return (as);
143		}
144	}
145	mutex_unlock(&authsvc_lock);
146
147	return (AUTH_REJECTEDCRED);
148}
149
150/*
151 * A set of null auth methods used by any authentication protocols
152 * that don't need to inspect or modify the message body.
153 */
154static bool_t
155svcauth_null_wrap(auth, xdrs, xdr_func, xdr_ptr)
156	SVCAUTH *auth;
157	XDR *xdrs;
158	xdrproc_t xdr_func;
159	caddr_t xdr_ptr;
160{
161
162	return (xdr_func(xdrs, xdr_ptr));
163}
164
165static struct svc_auth_ops svc_auth_null_ops = {
166	svcauth_null_wrap,
167	svcauth_null_wrap,
168};
169
170/*ARGSUSED*/
171enum auth_stat
172_svcauth_null(rqst, msg)
173	struct svc_req *rqst;
174	struct rpc_msg *msg;
175{
176	return (AUTH_OK);
177}
178
179/*
180 *  Allow the rpc service to register new authentication types that it is
181 *  prepared to handle.  When an authentication flavor is registered,
182 *  the flavor is checked against already registered values.  If not
183 *  registered, then a new Auths entry is added on the list.
184 *
185 *  There is no provision to delete a registration once registered.
186 *
187 *  This routine returns:
188 *	 0 if registration successful
189 *	 1 if flavor already registered
190 *	-1 if can't register (errno set)
191 */
192
193int
194svc_auth_reg(cred_flavor, handler)
195	int cred_flavor;
196	enum auth_stat (*handler)(struct svc_req *, struct rpc_msg *);
197{
198	struct authsvc *asp;
199
200	switch (cred_flavor) {
201	    case AUTH_NULL:
202	    case AUTH_SYS:
203	    case AUTH_SHORT:
204#ifdef DES_BUILTIN
205	    case AUTH_DES:
206#endif
207		/* already registered */
208		return (1);
209
210	    default:
211		mutex_lock(&authsvc_lock);
212		for (asp = Auths; asp; asp = asp->next) {
213			if (asp->flavor == cred_flavor) {
214				/* already registered */
215				mutex_unlock(&authsvc_lock);
216				return (1);
217			}
218		}
219
220		/* this is a new one, so go ahead and register it */
221		asp = mem_alloc(sizeof (*asp));
222		if (asp == NULL) {
223			mutex_unlock(&authsvc_lock);
224			return (-1);
225		}
226		asp->flavor = cred_flavor;
227		asp->handler = handler;
228		asp->next = Auths;
229		Auths = asp;
230		mutex_unlock(&authsvc_lock);
231		break;
232	}
233	return (0);
234}
235