nfs-ganesha 1.4

Svc_auth.c

00001 /*
00002  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
00003  * unrestricted use provided that this legend is included on all tape
00004  * media and as a part of the software program in whole or part.  Users
00005  * may copy or modify Sun RPC without charge, but are not authorized
00006  * to license or distribute it to anyone else except as part of a product or
00007  * program developed by the user.
00008  * 
00009  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
00010  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
00011  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
00012  * 
00013  * Sun RPC is provided with no support and without any obligation on the
00014  * part of Sun Microsystems, Inc. to assist in its use, correction,
00015  * modification or enhancement.
00016  *
00017  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
00018  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
00019  * OR ANY PART THEREOF.
00020  *
00021  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
00022  * or profits or other special, indirect and consequential damages, even if
00023  * Sun has been advised of the possibility of such damages.
00024  *
00025  * Sun Microsystems, Inc.
00026  * 2550 Garcia Avenue
00027  * Mountain View, California  94043
00028  */
00029 
00030 /*
00031  * svc_auth_nodes.c, Server-side rpc authenticator interface,
00032  * *WITHOUT* DES authentication.
00033  *
00034  * Copyright (C) 1984, Sun Microsystems, Inc.
00035  */
00036 
00037 #ifdef HAVE_CONFIG_H
00038 #include "config.h"
00039 #endif
00040 
00041 #ifdef _SOLARIS
00042 #include "solaris_port.h"
00043 #endif
00044 
00045 #include "rpcal.h"
00046 
/*
 * Server-side authenticators, one per supported credential flavor.
 *
 * The authenticate routine below looks up the flavor field of the client's
 * auth struct in svcauthsw (a linear search, not a direct array index) and
 * calls the routine registered for that flavor.  Every flavor routine must
 * have this shape:
 *
 *      enum auth_stat
 *      flavorx_auth(struct svc_req *rqst, struct rpc_msg *msg,
 *                   bool_t *no_dispatch);
 *
 * None of the three routines declared here is defined in this file.
 */
enum auth_stat Gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg,
                                    bool_t *no_dispatch);

enum auth_stat Gssrpc__svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg,
                                    bool_t *no_dispatch);

enum auth_stat Gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
                                   bool_t *no_dispatch);

/* AUTH_SHORT has no routine of its own: it is served by the AUTH_UNIX one. */
#define Gssrpc__svcauth_short Gssrpc__svcauth_unix
00069 
/*
 * One row of the authenticator switch: a credential flavor and the routine
 * that validates credentials of that flavor.
 */
struct svcauthsw_type
{
  u_int flavor;
  enum auth_stat (*authenticator) (struct svc_req *, struct rpc_msg *, bool_t *);
};

/*
 * Flavors this server will hand to an authenticator.  A flavor that is not
 * listed here is rejected by Rpcsecgss__authenticate with AUTH_REJECTEDCRED.
 *
 * Security note: AUTH_NONE, AUTH_UNIX and AUTH_SHORT are the ONC RPC flavors
 * whose credentials are asserted by the client rather than cryptographically
 * proven.  Nothing in this table restricts them, so any policy that requires
 * RPCSEC_GSS (per export, per program, ...) has to be enforced elsewhere.
 *
 * NOTE(review): the first entry is guarded by #ifdef AUTH_GSSAPI, which only
 * sees preprocessor macros.  If AUTH_GSSAPI is an enum constant in rpcal.h
 * rather than a #define, that entry is never compiled in -- confirm.
 */
static struct svcauthsw_type svcauthsw[] = {
#ifdef AUTH_GSSAPI
  {AUTH_GSSAPI, Gssrpc__svcauth_gss},
#endif
  {AUTH_NONE, Gssrpc__svcauth_none},
#if 0
  /* Disabled in the original source; kept to show it was left out on purpose. */
  {AUTH_GSSAPI_COMPAT, gssrpc__svcauth_gssapi},
#endif
  {AUTH_UNIX, Gssrpc__svcauth_unix},
  {AUTH_SHORT, Gssrpc__svcauth_short},   /* same routine as AUTH_UNIX */
  {RPCSEC_GSS, Gssrpc__svcauth_gss}
};

/* Number of rows in svcauthsw; bounds the lookup loop in the authenticator. */
static int svcauthnum = sizeof(svcauthsw) / sizeof(svcauthsw[0]);
00095 
/*
 * Select and run the server-side authenticator for an incoming RPC call.
 *
 * msg is the call message as obtained from the wire; it carries the raw
 * form of the credentials and verifier.  This routine:
 *   - copies the raw credential (msg->rm_call.cb_cred) into rqst->rq_cred;
 *   - resets the response verifier rqst->rq_xprt->xp_verf to flavor 0,
 *     length 0;
 *   - sets *no_dispatch to FALSE;
 *   - calls the svcauthsw entry whose flavor equals the credential flavor
 *     and returns that routine's result.
 *
 * Returns AUTH_REJECTEDCRED when no table entry with a non-NULL
 * authenticator matches the flavor.  Per the original Sun commentary, an
 * AUTH_OK result means the flavor routine has set the response verifier
 * and the "cooked" credentials (rq_client_cred); neither is done here.
 *
 * NB: rqst->rq_xprt->xp_verf must be pre-allocated; its length is set
 * appropriately.
 *
 * Ownership (from the original commentary): the caller keeps ownership of
 * the credential and verifier inside msg; the authentication system keeps
 * ownership of the cooked credentials.
 *
 * The flavor is client-controlled.  It is only compared against table
 * entries and never used as an index, so an unknown value simply falls
 * through to the rejection.  rqst, rqst->rq_xprt, msg and no_dispatch are
 * dereferenced without a NULL check; callers must pass valid pointers.
 *
 * NOTE(review): this routine selects a handler for whatever flavor the
 * client presents; it does not decide whether that flavor is acceptable
 * for the requested program or export -- presumably the caller does;
 * confirm.
 */
enum auth_stat
Rpcsecgss__authenticate(register struct svc_req *rqst,
                        struct rpc_msg *msg, bool_t * no_dispatch)
{
  struct svcauthsw_type *entry;
  struct svcauthsw_type *const table_end = svcauthsw + svcauthnum;
  int wanted;

  /* Keep the wire-form credential with the request and note its flavor. */
  rqst->rq_cred = msg->rm_call.cb_cred;
  wanted = rqst->rq_cred.oa_flavor;

  /* Start from an empty response verifier; the flavor routine fills it. */
  rqst->rq_xprt->xp_verf.oa_flavor = 0;
  rqst->rq_xprt->xp_verf.oa_length = 0;

  *no_dispatch = FALSE;

  for(entry = svcauthsw; entry != table_end; entry++)
    {
      /* A row without a routine can never authenticate anything. */
      if(entry->authenticator == NULL)
        continue;

      if(wanted != entry->flavor)
        continue;

      return entry->authenticator(rqst, msg, no_dispatch);
    }

  /* Flavor not supported by this server. */
  return AUTH_REJECTEDCRED;
}