/* * The call rpc message, msg has been obtained from the wire. The msg contains * the raw form of credentials and verifiers. authenticate returns AUTH_OK * if the msg is successfully authenticated. If AUTH_OK then the routine also * does the following things: * set rqst->rq_xprt->verf to the appropriate response verifier; * sets rqst->rq_client_cred to the "cooked" form of the credentials. * * NB: rqst->rq_cxprt->verf must be pre-alloctaed; * its length is set appropriately. * * The caller still owns and is responsible for msg->u.cmb.cred and * msg->u.cmb.verf. The authentication system retains ownership of * rqst->rq_client_cred, the cooked credentials. * * There is an assumption that any flavour less than AUTH_NULL is * invalid. */ enum auth_stat _authenticate(struct svc_req *rqst, struct rpc_msg *msg) { int cred_flavor; enum auth_stat dummy; rqst->rq_cred = msg->rm_call.cb_cred; rqst->rq_auth.svc_ah_ops = &svc_auth_null_ops; rqst->rq_auth.svc_ah_private = NULL; cred_flavor = rqst->rq_cred.oa_flavor; switch (cred_flavor) { case AUTH_NULL: dummy = _svcauth_null(rqst, msg); return (dummy); case AUTH_SYS: dummy = _svcauth_unix(rqst, msg); return (dummy); case AUTH_SHORT: dummy = _svcauth_short(rqst, msg); return (dummy); case RPCSEC_GSS: if (!_svcauth_rpcsec_gss) return (AUTH_REJECTEDCRED); dummy = _svcauth_rpcsec_gss(rqst, msg); return (dummy); default: break; } return (AUTH_REJECTEDCRED); }
/* * The call rpc message, msg has been obtained from the wire. The msg contains * the raw form of credentials and verifiers. authenticate returns AUTH_OK * if the msg is successfully authenticated. If AUTH_OK then the routine also * does the following things: * set rqst->rq_xprt->verf to the appropriate response verifier; * sets rqst->rq_client_cred to the "cooked" form of the credentials. * * NB: rqst->rq_cxprt->verf must be pre-alloctaed; * its length is set appropriately. * * The caller still owns and is responsible for msg->u.cmb.cred and * msg->u.cmb.verf. The authentication system retains ownership of * rqst->rq_client_cred, the cooked credentials. * * There is an assumption that any flavour less than AUTH_NULL is * invalid. */ ar_auth_stat_t ar_svc_authenticate(ar_svc_req_t *rqst, arpc_msg_t *msg) { int cred_flavor; #if 0 struct authsvc *asp; #endif ar_auth_stat_t dummy; /* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */ rqst->rq_cred = msg->arm_call.acb_cred; #if 0 rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor; rqst->rq_xprt->xp_verf.oa_length = 0; #endif cred_flavor = rqst->rq_cred.oa_flavor; switch (cred_flavor) { case AR_AUTH_NULL: dummy = ar_svcauth_null(rqst, msg); return (dummy); #if 0 case AR_AUTH_SYS: dummy = _svcauth_unix(rqst, msg); return (dummy); case AR_AUTH_SHORT: dummy = _svcauth_short(rqst, msg); return (dummy); #ifdef DES_BUILTIN case AR_AUTH_DES: dummy = _svcauth_des(rqst, msg); return (dummy); #endif #endif default: break; } #if 0 /* flavor doesn't match any of the builtin types, so try new ones */ mutex_lock(&authsvc_lock); for (asp = Auths; asp; asp = asp->next) { if (asp->flavor == cred_flavor) { ar_auth_stat_t as; as = (*asp->handler)(rqst, msg); mutex_unlock(&authsvc_lock); return (as); } } mutex_unlock(&authsvc_lock); #endif return (AR_AUTH_REJECTEDCRED); }
/* * The call rpc message, msg has been obtained from the wire. The msg contains * the raw form of credentials and verifiers. authenticate returns AUTH_OK * if the msg is successfully authenticated. If AUTH_OK then the routine also * does the following things: * set req->rq_verf to the appropriate response verifier; * sets req->rq_client_cred to the "cooked" form of the credentials. * * NB: req->rq_verf must be pre-alloctaed, its length is set appropriately. * * The caller still owns and is responsible for msg->u.cmb.cred and * msg->u.cmb.verf. The authentication system retains ownership of * req->rq_client_cred, the cooked credentials. * * There is an assumption that any flavour less than AUTH_NULL is invalid. */ enum auth_stat svc_auth_authenticate(struct svc_req *req, struct rpc_msg *msg, bool *no_dispatch) { int cred_flavor; struct authsvc *asp; enum auth_stat rslt; extern mutex_t authsvc_lock; /* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */ req->rq_cred = msg->rm_call.cb_cred; req->rq_verf.oa_flavor = _null_auth.oa_flavor; req->rq_verf.oa_length = 0; cred_flavor = req->rq_cred.oa_flavor; switch (cred_flavor) { case RPCSEC_GSS: { rslt = _svcauth_gss(req, msg, no_dispatch); } return (rslt); case AUTH_NONE: rslt = _svcauth_none(req, msg); return (rslt); break; case AUTH_SYS: rslt = _svcauth_unix(req, msg); return (rslt); case AUTH_SHORT: rslt = _svcauth_short(req, msg); return (rslt); #ifdef DES_BUILTIN case AUTH_DES: rslt = _svcauth_des(req, msg); return (rslt); #endif default: break; } /* flavor doesn't match any of the builtin types, so try new ones */ mutex_lock(&authsvc_lock); for (asp = Auths; asp; asp = asp->next) { if (asp->flavor == cred_flavor) { enum auth_stat as; as = (*asp->handler)(req, msg); mutex_unlock(&authsvc_lock); return (as); } } mutex_unlock(&authsvc_lock); return (AUTH_REJECTEDCRED); }