lib/libc/rpc/svc_auth.c

   1 /*-
   2  * Copyright (c) 2009, Sun Microsystems, Inc.
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions are met:
   7  * - Redistributions of source code must retain the above copyright notice,
   8  *   this list of conditions and the following disclaimer.
   9  * - Redistributions in binary form must reproduce the above copyright notice,
  10  *   this list of conditions and the following disclaimer in the documentation
  11  *   and/or other materials provided with the distribution.
  12  * - Neither the name of Sun Microsystems, Inc. nor the names of its
  13  *   contributors may be used to endorse or promote products derived
  14  *   from this software without specific prior written permission.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  17  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  20  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  21  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  22  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  24  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  25  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  26  * POSSIBILITY OF SUCH DAMAGE.
  27  *
  28  * @(#)svc_auth.c       1.16    94/04/24 SMI; 1.26 89/02/07 Copyr 1984 Sun Micro
  29  * $NetBSD: svc_auth.c,v 1.12 2000/07/06 03:10:35 christos Exp $
  30  * $FreeBSD: src/lib/libc/rpc/svc_auth.c,v 1.13 2006/02/27 22:10:59 deischen Exp $
  31  */
  32 /*
  33  * Copyright (c) 1986-1991 by Sun Microsystems Inc.
  34  */
  35
  36 /*
  37  * svc_auth.c, Server-side rpc authenticator interface.
  38  */
  39
  40 #include "namespace.h"
  41 #include "reentrant.h"
  42 #include <sys/types.h>
  43 #include <rpc/rpc.h>
  44 #include <stdlib.h>
  45 #include "un-namespace.h"
  46 #include "mt_misc.h"
  47
  48 /*
  49  * svcauthsw is the bdevsw of server side authentication.
  50  *
  51  * Server side authenticators are called from authenticate by
  52  * using the client auth struct flavor field to index into svcauthsw.
  53  * The server auth flavors must implement a routine that looks
  54  * like:
  55  *
  56  *      enum auth_stat
  57  *      flavorx_auth(rqst, msg)
  58  *              struct svc_req *rqst;
  59  *              struct rpc_msg *msg;
  60  *
  61  */
  62
  63 /* declarations to allow servers to specify new authentication flavors */
  64 struct authsvc {
  65         int     flavor;
  66         enum    auth_stat (*handler)(struct svc_req *, struct rpc_msg *);
  67         struct  authsvc   *next;
  68 };
  69 static struct authsvc *Auths = NULL;
  70
  71 /*
  72  * The call rpc message, msg has been obtained from the wire.  The msg contains
  73  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
  74  * if the msg is successfully authenticated.  If AUTH_OK then the routine also
  75  * does the following things:
  76  * set rqst->rq_xprt->verf to the appropriate response verifier;
  77  * sets rqst->rq_client_cred to the "cooked" form of the credentials.
  78  *
  79  * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
  80  * its length is set appropriately.
  81  *
  82  * The caller still owns and is responsible for msg->u.cmb.cred and
  83  * msg->u.cmb.verf.  The authentication system retains ownership of
  84  * rqst->rq_client_cred, the cooked credentials.
  85  *
  86  * There is an assumption that any flavour less than AUTH_NULL is
  87  * invalid.
  88  */
  89 enum auth_stat
  90 _authenticate(struct svc_req *rqst, struct rpc_msg *msg)
  91 {
  92         int cred_flavor;
  93         struct authsvc *asp;
  94         enum auth_stat dummy;
  95
  96 /* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
  97
  98         rqst->rq_cred = msg->rm_call.cb_cred;
  99         rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
 100         rqst->rq_xprt->xp_verf.oa_length = 0;
 101         cred_flavor = rqst->rq_cred.oa_flavor;
 102         switch (cred_flavor) {
 103         case AUTH_NULL:
 104                 dummy = _svcauth_null(rqst, msg);
 105                 return (dummy);
 106         case AUTH_SYS:
 107                 dummy = _svcauth_unix(rqst, msg);
 108                 return (dummy);
 109         case AUTH_SHORT:
 110                 dummy = _svcauth_short(rqst, msg);
 111                 return (dummy);
 112 #ifdef DES_BUILTIN
 113         case AUTH_DES:
 114                 dummy = _svcauth_des(rqst, msg);
 115                 return (dummy);
 116 #endif
 117         default:
 118                 break;
 119         }
 120
 121         /* flavor doesn't match any of the builtin types, so try new ones */
 122         mutex_lock(&authsvc_lock);
 123         for (asp = Auths; asp; asp = asp->next) {
 124                 if (asp->flavor == cred_flavor) {
 125                         enum auth_stat as;
 126
 127                         as = (*asp->handler)(rqst, msg);
 128                         mutex_unlock(&authsvc_lock);
 129                         return (as);
 130                 }
 131         }
 132         mutex_unlock(&authsvc_lock);
 133
 134         return (AUTH_REJECTEDCRED);
 135 }
 136
 137 /*ARGSUSED*/
 138 enum auth_stat
 139 _svcauth_null(struct svc_req *rqst __unused, struct rpc_msg *msg __unused)
 140 {
 141         return (AUTH_OK);
 142 }
 143
 144 /*
 145  *  Allow the rpc service to register new authentication types that it is
 146  *  prepared to handle.  When an authentication flavor is registered,
 147  *  the flavor is checked against already registered values.  If not
 148  *  registered, then a new Auths entry is added on the list.
 149  *
 150  *  There is no provision to delete a registration once registered.
 151  *
 152  *  This routine returns:
 153  *       0 if registration successful
 154  *       1 if flavor already registered
 155  *      -1 if can't register (errno set)
 156  */
 157
 158 int
 159 svc_auth_reg(int cred_flavor,
 160              enum auth_stat (*handler)(struct svc_req *, struct rpc_msg *))
 161 {
 162         struct authsvc *asp;
 163
 164         switch (cred_flavor) {
 165             case AUTH_NULL:
 166             case AUTH_SYS:
 167             case AUTH_SHORT:
 168 #ifdef DES_BUILTIN
 169             case AUTH_DES:
 170 #endif
 171                 /* already registered */
 172                 return (1);
 173
 174             default:
 175                 mutex_lock(&authsvc_lock);
 176                 for (asp = Auths; asp; asp = asp->next) {
 177                         if (asp->flavor == cred_flavor) {
 178                                 /* already registered */
 179                                 mutex_unlock(&authsvc_lock);
 180                                 return (1);
 181                         }
 182                 }
 183
 184                 /* this is a new one, so go ahead and register it */
 185                 asp = mem_alloc(sizeof (*asp));
 186                 if (asp == NULL) {
 187                         mutex_unlock(&authsvc_lock);
 188                         return (-1);
 189                 }
 190                 asp->flavor = cred_flavor;
 191                 asp->handler = handler;
 192                 asp->next = Auths;
 193                 Auths = asp;
 194                 mutex_unlock(&authsvc_lock);
 195                 break;
 196         }
 197         return (0);
 198 }