2 * linux/net/sunrpc/svcauth.c
4 * The generic interface for RPC authentication on the server side.
6 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
9 * 19-Apr-2000 Chris Evans - Security fix
12 #include <linux/types.h>
13 #include <linux/sched.h>
14 #include <linux/sunrpc/types.h>
15 #include <linux/sunrpc/xdr.h>
16 #include <linux/sunrpc/svcauth.h>
17 #include <linux/sunrpc/svcsock.h>
19 #define RPCDBG_FACILITY RPCDBG_AUTH
22 * Type of authenticator function
24 typedef void (*auth_fn_t)(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
27 * Builtin auth flavors
29 static void svcauth_null(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
30 static void svcauth_unix(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
33 * Max number of authentication flavors we support
35 #define RPC_SVCAUTH_MAX 8
38 * Table of authenticators
40 static auth_fn_t authtab[RPC_SVCAUTH_MAX] = {
47 svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
55 svc_getlong(&rqstp->rq_argbuf, flavor);
56 flavor = ntohl(flavor);
58 dprintk("svc: svc_authenticate (%d)\n", flavor);
59 if (flavor >= RPC_SVCAUTH_MAX || !(func = authtab[flavor])) {
60 *authp = rpc_autherr_badcred;
64 rqstp->rq_cred.cr_flavor = flavor;
65 func(rqstp, statp, authp);
69 svc_auth_register(u32 flavor, auth_fn_t func)
71 if (flavor >= RPC_SVCAUTH_MAX || authtab[flavor])
73 authtab[flavor] = func;
78 svc_auth_unregister(u32 flavor)
80 if (flavor < RPC_SVCAUTH_MAX)
81 authtab[flavor] = NULL;
85 svcauth_null(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
87 struct svc_buf *argp = &rqstp->rq_argbuf;
88 struct svc_buf *resp = &rqstp->rq_resbuf;
90 if ((argp->len -= 3) < 0) {
91 *statp = rpc_garbage_args;
94 if (*(argp->buf)++ != 0) { /* we already skipped the flavor */
95 dprintk("svc: bad null cred\n");
96 *authp = rpc_autherr_badcred;
99 if (*(argp->buf)++ != RPC_AUTH_NULL || *(argp->buf)++ != 0) {
100 dprintk("svc: bad null verf\n");
101 *authp = rpc_autherr_badverf;
105 /* Signal that mapping to nobody uid/gid is required */
106 rqstp->rq_cred.cr_uid = (uid_t) -1;
107 rqstp->rq_cred.cr_gid = (gid_t) -1;
108 rqstp->rq_cred.cr_groups[0] = NOGROUP;
110 /* Put NULL verifier */
111 rqstp->rq_verfed = 1;
112 svc_putlong(resp, RPC_AUTH_NULL);
113 svc_putlong(resp, 0);
117 svcauth_unix(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
119 struct svc_buf *argp = &rqstp->rq_argbuf;
120 struct svc_buf *resp = &rqstp->rq_resbuf;
121 struct svc_cred *cred = &rqstp->rq_cred;
122 u32 *bufp = argp->buf, slen, i;
125 if ((len -= 3) < 0) {
126 *statp = rpc_garbage_args;
131 bufp++; /* time stamp */
132 slen = (ntohl(*bufp++) + 3) >> 2; /* machname length */
133 if (slen > 64 || (len -= slen + 3) < 0)
135 bufp += slen; /* skip machname */
137 cred->cr_uid = ntohl(*bufp++); /* uid */
138 cred->cr_gid = ntohl(*bufp++); /* gid */
140 slen = ntohl(*bufp++); /* gids length */
141 if (slen > 16 || (len -= slen + 2) < 0)
143 for (i = 0; i < NGROUPS && i < slen; i++)
144 cred->cr_groups[i] = ntohl(*bufp++);
146 cred->cr_groups[i] = NOGROUP;
149 if (*bufp++ != RPC_AUTH_NULL || *bufp++ != 0) {
150 *authp = rpc_autherr_badverf;
157 /* Put NULL verifier */
158 rqstp->rq_verfed = 1;
159 svc_putlong(resp, RPC_AUTH_NULL);
160 svc_putlong(resp, 0);
165 *authp = rpc_autherr_badcred;