The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/rpc/svc_auth.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: svc_auth.c,v 1.12 2000/07/06 03:10:35 christos Exp $   */
    2 
    3 /*-
    4  * Copyright (c) 2009, Sun Microsystems, Inc.
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without 
    8  * modification, are permitted provided that the following conditions are met:
    9  * - Redistributions of source code must retain the above copyright notice, 
   10  *   this list of conditions and the following disclaimer.
   11  * - Redistributions in binary form must reproduce the above copyright notice, 
   12  *   this list of conditions and the following disclaimer in the documentation 
   13  *   and/or other materials provided with the distribution.
   14  * - Neither the name of Sun Microsystems, Inc. nor the names of its 
   15  *   contributors may be used to endorse or promote products derived 
   16  *   from this software without specific prior written permission.
   17  * 
   18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
   19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
   20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
   21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
   22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
   23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
   24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
   25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
   26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
   28  * POSSIBILITY OF SUCH DAMAGE.
   29  */
   30 /*
   31  * Copyright (c) 1986-1991 by Sun Microsystems Inc. 
   32  */
   33 
   34 #if defined(LIBC_SCCS) && !defined(lint)
   35 #ident  "@(#)svc_auth.c 1.16    94/04/24 SMI"
   36 static char sccsid[] = "@(#)svc_auth.c 1.26 89/02/07 Copyr 1984 Sun Micro";
   37 #endif
   38 #include <sys/cdefs.h>
   39 __FBSDID("$FreeBSD: releng/11.2/sys/rpc/svc_auth.c 331722 2018-03-29 02:50:57Z eadler $");
   40 
   41 /*
   42  * svc_auth.c, Server-side rpc authenticator interface.
   43  *
   44  */
   45 
   46 #include <sys/param.h>
   47 #include <sys/lock.h>
   48 #include <sys/mutex.h>
   49 #include <sys/systm.h>
   50 #include <sys/jail.h>
   51 #include <sys/ucred.h>
   52 
   53 #include <rpc/rpc.h>
   54 
   55 static enum auth_stat (*_svcauth_rpcsec_gss)(struct svc_req *,
   56     struct rpc_msg *) = NULL;
   57 static int (*_svcauth_rpcsec_gss_getcred)(struct svc_req *,
   58     struct ucred **, int *);
   59 
   60 static struct svc_auth_ops svc_auth_null_ops;
   61 
   62 /*
   63  * The call rpc message, msg has been obtained from the wire.  The msg contains
   64  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
   65  * if the msg is successfully authenticated.  If AUTH_OK then the routine also
   66  * does the following things:
   67  * set rqst->rq_xprt->verf to the appropriate response verifier;
   68  * sets rqst->rq_client_cred to the "cooked" form of the credentials.
   69  *
   70  * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
   71  * its length is set appropriately.
   72  *
   73  * The caller still owns and is responsible for msg->u.cmb.cred and
   74  * msg->u.cmb.verf.  The authentication system retains ownership of
   75  * rqst->rq_client_cred, the cooked credentials.
   76  *
   77  * There is an assumption that any flavour less than AUTH_NULL is
   78  * invalid.
   79  */
   80 enum auth_stat
   81 _authenticate(struct svc_req *rqst, struct rpc_msg *msg)
   82 {
   83         int cred_flavor;
   84         enum auth_stat dummy;
   85 
   86         rqst->rq_cred = msg->rm_call.cb_cred;
   87         rqst->rq_auth.svc_ah_ops = &svc_auth_null_ops;
   88         rqst->rq_auth.svc_ah_private = NULL;
   89         cred_flavor = rqst->rq_cred.oa_flavor;
   90         switch (cred_flavor) {
   91         case AUTH_NULL:
   92                 dummy = _svcauth_null(rqst, msg);
   93                 return (dummy);
   94         case AUTH_SYS:
   95                 dummy = _svcauth_unix(rqst, msg);
   96                 return (dummy);
   97         case AUTH_SHORT:
   98                 dummy = _svcauth_short(rqst, msg);
   99                 return (dummy);
  100         case RPCSEC_GSS:
  101                 if (!_svcauth_rpcsec_gss)
  102                         return (AUTH_REJECTEDCRED);
  103                 dummy = _svcauth_rpcsec_gss(rqst, msg);
  104                 return (dummy);
  105         default:
  106                 break;
  107         }
  108 
  109         return (AUTH_REJECTEDCRED);
  110 }
  111 
  112 /*
  113  * A set of null auth methods used by any authentication protocols
  114  * that don't need to inspect or modify the message body.
  115  */
  116 static bool_t
  117 svcauth_null_wrap(SVCAUTH *auth, struct mbuf **mp)
  118 {
  119 
  120         return (TRUE);
  121 }
  122 
  123 static bool_t
  124 svcauth_null_unwrap(SVCAUTH *auth, struct mbuf **mp)
  125 {
  126 
  127         return (TRUE);
  128 }
  129 
  130 static void
  131 svcauth_null_release(SVCAUTH *auth)
  132 {
  133 
  134 }
  135 
  136 static struct svc_auth_ops svc_auth_null_ops = {
  137         svcauth_null_wrap,
  138         svcauth_null_unwrap,
  139         svcauth_null_release,
  140 };
  141 
  142 /*ARGSUSED*/
  143 enum auth_stat
  144 _svcauth_null(struct svc_req *rqst, struct rpc_msg *msg)
  145 {
  146 
  147         rqst->rq_verf = _null_auth;
  148         return (AUTH_OK);
  149 }
  150 
  151 int
  152 svc_auth_reg(int flavor,
  153     enum auth_stat (*svcauth)(struct svc_req *, struct rpc_msg *),
  154     int (*getcred)(struct svc_req *, struct ucred **, int *))
  155 {
  156 
  157         if (flavor == RPCSEC_GSS) {
  158                 _svcauth_rpcsec_gss = svcauth;
  159                 _svcauth_rpcsec_gss_getcred = getcred;
  160         }
  161         return (TRUE);
  162 }
  163 
  164 int
  165 svc_getcred(struct svc_req *rqst, struct ucred **crp, int *flavorp)
  166 {
  167         struct ucred *cr = NULL;
  168         int flavor;
  169         struct xucred *xcr;
  170 
  171         flavor = rqst->rq_cred.oa_flavor;
  172         if (flavorp)
  173                 *flavorp = flavor;
  174 
  175         switch (flavor) {
  176         case AUTH_UNIX:
  177                 xcr = (struct xucred *) rqst->rq_clntcred;
  178                 cr = crget();
  179                 cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
  180                 crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
  181                 cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
  182                 cr->cr_prison = &prison0;
  183                 prison_hold(cr->cr_prison);
  184                 *crp = cr;
  185                 return (TRUE);
  186 
  187         case RPCSEC_GSS:
  188                 if (!_svcauth_rpcsec_gss_getcred)
  189                         return (FALSE);
  190                 return (_svcauth_rpcsec_gss_getcred(rqst, crp, flavorp));
  191 
  192         default:
  193                 return (FALSE);
  194         }
  195 }
  196 

Cache object: 7a06e1a00dab2fd12dc9d49cb28baa2d


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.