reactos/dll/win32/libtirpc/src/svc_auth.c

   1
   2 /*
   3  * Copyright (c) 2009, Sun Microsystems, Inc.
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions are met:
   8  * - Redistributions of source code must retain the above copyright notice,
   9  *   this list of conditions and the following disclaimer.
  10  * - Redistributions in binary form must reproduce the above copyright notice,
  11  *   this list of conditions and the following disclaimer in the documentation
  12  *   and/or other materials provided with the distribution.
  13  * - Neither the name of Sun Microsystems, Inc. nor the names of its
  14  *   contributors may be used to endorse or promote products derived
  15  *   from this software without specific prior written permission.
  16  *
  17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  18  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  21  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  22  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  25  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  27  * POSSIBILITY OF SUCH DAMAGE.
  28  */
  29 /*
  30  * Copyright (c) 1986-1991 by Sun Microsystems Inc.
  31  */
  32
  33 /*
  34  * svc_auth.c, Server-side rpc authenticator interface.
  35  *
  36  */
  37 #include <wintirpc.h>
  38 //#include <pthread.h>
  39 #include <reentrant.h>
  40 #include <sys/types.h>
  41 #include <rpc/rpc.h>
  42 #include <stdlib.h>
  43
  44 /*
  45  * svcauthsw is the bdevsw of server side authentication.
  46  *
  47  * Server side authenticators are called from authenticate by
  48  * using the client auth struct flavor field to index into svcauthsw.
  49  * The server auth flavors must implement a routine that looks
  50  * like:
  51  *
  52  *      enum auth_stat
  53  *      flavorx_auth(rqst, msg)
  54  *              struct svc_req *rqst;
  55  *              struct rpc_msg *msg;
  56  *
  57  */
  58
  59 /* declarations to allow servers to specify new authentication flavors */
  60 struct authsvc {
  61         int     flavor;
  62         enum    auth_stat (*handler)(struct svc_req *, struct rpc_msg *);
  63         struct  authsvc   *next;
  64 };
  65 static struct authsvc *Auths = NULL;
  66
  67 /*
  68  * The call rpc message, msg has been obtained from the wire.  The msg contains
  69  * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
  70  * if the msg is successfully authenticated.  If AUTH_OK then the routine also
  71  * does the following things:
  72  * set rqst->rq_xprt->verf to the appropriate response verifier;
  73  * sets rqst->rq_client_cred to the "cooked" form of the credentials.
  74  *
  75  * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
  76  * its length is set appropriately.
  77  *
  78  * The caller still owns and is responsible for msg->u.cmb.cred and
  79  * msg->u.cmb.verf.  The authentication system retains ownership of
  80  * rqst->rq_client_cred, the cooked credentials.
  81  *
  82  * There is an assumption that any flavour less than AUTH_NULL is
  83  * invalid.
  84  */
  85 enum auth_stat
  86 _authenticate(rqst, msg)
  87         struct svc_req *rqst;
  88         struct rpc_msg *msg;
  89 {
  90         int cred_flavor;
  91         struct authsvc *asp;
  92         enum auth_stat dummy;
  93         extern mutex_t authsvc_lock;
  94
  95 /* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
  96
  97         rqst->rq_cred = msg->rm_call.cb_cred;
  98         rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
  99         rqst->rq_xprt->xp_verf.oa_length = 0;
 100         cred_flavor = rqst->rq_cred.oa_flavor;
 101         switch (cred_flavor) {
 102         case AUTH_NULL:
 103                 dummy = _svcauth_null(rqst, msg);
 104                 return (dummy);
 105         case AUTH_SYS:
 106                 dummy = _svcauth_unix(rqst, msg);
 107                 return (dummy);
 108         case AUTH_SHORT:
 109                 dummy = _svcauth_short(rqst, msg);
 110                 return (dummy);
 111 #ifdef DES_BUILTIN
 112         case AUTH_DES:
 113                 dummy = _svcauth_des(rqst, msg);
 114                 return (dummy);
 115 #endif
 116         default:
 117                 break;
 118         }
 119
 120         /* flavor doesn't match any of the builtin types, so try new ones */
 121         mutex_lock(&authsvc_lock);
 122         for (asp = Auths; asp; asp = asp->next) {
 123                 if (asp->flavor == cred_flavor) {
 124                         enum auth_stat as;
 125
 126                         as = (*asp->handler)(rqst, msg);
 127                         mutex_unlock(&authsvc_lock);
 128                         return (as);
 129                 }
 130         }
 131         mutex_unlock(&authsvc_lock);
 132
 133         return (AUTH_REJECTEDCRED);
 134 }
 135
 136 /*ARGSUSED*/
 137 enum auth_stat
 138 _svcauth_null(rqst, msg)
 139         struct svc_req *rqst;
 140         struct rpc_msg *msg;
 141 {
 142         return (AUTH_OK);
 143 }
 144
 145 /*
 146  *  Allow the rpc service to register new authentication types that it is
 147  *  prepared to handle.  When an authentication flavor is registered,
 148  *  the flavor is checked against already registered values.  If not
 149  *  registered, then a new Auths entry is added on the list.
 150  *
 151  *  There is no provision to delete a registration once registered.
 152  *
 153  *  This routine returns:
 154  *       0 if registration successful
 155  *       1 if flavor already registered
 156  *      -1 if can't register (errno set)
 157  */
 158
 159 int
 160 svc_auth_reg(cred_flavor, handler)
 161         int cred_flavor;
 162         enum auth_stat (*handler)(struct svc_req *, struct rpc_msg *);
 163 {
 164         struct authsvc *asp;
 165         extern mutex_t authsvc_lock;
 166
 167         switch (cred_flavor) {
 168             case AUTH_NULL:
 169             case AUTH_SYS:
 170             case AUTH_SHORT:
 171 #ifdef DES_BUILTIN
 172             case AUTH_DES:
 173 #endif
 174                 /* already registered */
 175                 return (1);
 176
 177             default:
 178                 mutex_lock(&authsvc_lock);
 179                 for (asp = Auths; asp; asp = asp->next) {
 180                         if (asp->flavor == cred_flavor) {
 181                                 /* already registered */
 182                                 mutex_unlock(&authsvc_lock);
 183                                 return (1);
 184                         }
 185                 }
 186
 187                 /* this is a new one, so go ahead and register it */
 188                 asp = mem_alloc(sizeof (*asp));
 189                 if (asp == NULL) {
 190                         mutex_unlock(&authsvc_lock);
 191                         return (-1);
 192                 }
 193                 asp->flavor = cred_flavor;
 194                 asp->handler = handler;
 195                 asp->next = Auths;
 196                 Auths = asp;
 197                 mutex_unlock(&authsvc_lock);
 198                 break;
 199         }
 200         return (0);
 201 }