/*
* The call rpc message, msg has been obtained from the wire. The msg contains
* the raw form of credentials and verifiers. authenticate returns AUTH_OK
* if the msg is successfully authenticated. If AUTH_OK then the routine also
* does the following things:
* set rqst->rq_xprt->verf to the appropriate response verifier;
* sets rqst->rq_client_cred to the "cooked" form of the credentials.
*
* NB: rqst->rq_cxprt->verf must be pre-alloctaed;
* its length is set appropriately.
*
* The caller still owns and is responsible for msg->u.cmb.cred and
* msg->u.cmb.verf. The authentication system retains ownership of
* rqst->rq_client_cred, the cooked credentials.
*
* There is an assumption that any flavour less than AUTH_NULL is
* invalid.
*/
enum auth_stat
_authenticate(struct svc_req *rqst, struct rpc_msg *msg)
{
int cred_flavor;
enum auth_stat dummy;
rqst->rq_cred = msg->rm_call.cb_cred;
rqst->rq_auth.svc_ah_ops = &svc_auth_null_ops;
rqst->rq_auth.svc_ah_private = NULL;
cred_flavor = rqst->rq_cred.oa_flavor;
switch (cred_flavor) {
case AUTH_NULL:
dummy = _svcauth_null(rqst, msg);
return (dummy);
case AUTH_SYS:
dummy = _svcauth_unix(rqst, msg);
return (dummy);
case AUTH_SHORT:
dummy = _svcauth_short(rqst, msg);
return (dummy);
case RPCSEC_GSS:
if (!_svcauth_rpcsec_gss)
return (AUTH_REJECTEDCRED);
dummy = _svcauth_rpcsec_gss(rqst, msg);
return (dummy);
default:
break;
}
return (AUTH_REJECTEDCRED);
}
/*
* The call rpc message, msg has been obtained from the wire. The msg contains
* the raw form of credentials and verifiers. authenticate returns AUTH_OK
* if the msg is successfully authenticated. If AUTH_OK then the routine also
* does the following things:
* set rqst->rq_xprt->verf to the appropriate response verifier;
* sets rqst->rq_client_cred to the "cooked" form of the credentials.
*
* NB: rqst->rq_cxprt->verf must be pre-alloctaed;
* its length is set appropriately.
*
* The caller still owns and is responsible for msg->u.cmb.cred and
* msg->u.cmb.verf. The authentication system retains ownership of
* rqst->rq_client_cred, the cooked credentials.
*
* There is an assumption that any flavour less than AUTH_NULL is
* invalid.
*/
ar_auth_stat_t
ar_svc_authenticate(ar_svc_req_t *rqst, arpc_msg_t *msg)
{
int cred_flavor;
#if 0
struct authsvc *asp;
#endif
ar_auth_stat_t dummy;
/* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
rqst->rq_cred = msg->arm_call.acb_cred;
#if 0
rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
rqst->rq_xprt->xp_verf.oa_length = 0;
#endif
cred_flavor = rqst->rq_cred.oa_flavor;
switch (cred_flavor) {
case AR_AUTH_NULL:
dummy = ar_svcauth_null(rqst, msg);
return (dummy);
#if 0
case AR_AUTH_SYS:
dummy = _svcauth_unix(rqst, msg);
return (dummy);
case AR_AUTH_SHORT:
dummy = _svcauth_short(rqst, msg);
return (dummy);
#ifdef DES_BUILTIN
case AR_AUTH_DES:
dummy = _svcauth_des(rqst, msg);
return (dummy);
#endif
#endif
default:
break;
}
#if 0
/* flavor doesn't match any of the builtin types, so try new ones */
mutex_lock(&authsvc_lock);
for (asp = Auths; asp; asp = asp->next) {
if (asp->flavor == cred_flavor) {
ar_auth_stat_t as;
as = (*asp->handler)(rqst, msg);
mutex_unlock(&authsvc_lock);
return (as);
}
}
mutex_unlock(&authsvc_lock);
#endif
return (AR_AUTH_REJECTEDCRED);
}
/*
* The call rpc message, msg has been obtained from the wire. The msg contains
* the raw form of credentials and verifiers. authenticate returns AUTH_OK
* if the msg is successfully authenticated. If AUTH_OK then the routine also
* does the following things:
* set req->rq_verf to the appropriate response verifier;
* sets req->rq_client_cred to the "cooked" form of the credentials.
*
* NB: req->rq_verf must be pre-alloctaed, its length is set appropriately.
*
* The caller still owns and is responsible for msg->u.cmb.cred and
* msg->u.cmb.verf. The authentication system retains ownership of
* req->rq_client_cred, the cooked credentials.
*
* There is an assumption that any flavour less than AUTH_NULL is invalid.
*/
enum auth_stat
svc_auth_authenticate(struct svc_req *req, struct rpc_msg *msg,
bool *no_dispatch)
{
int cred_flavor;
struct authsvc *asp;
enum auth_stat rslt;
extern mutex_t authsvc_lock;
/* VARIABLES PROTECTED BY authsvc_lock: asp, Auths */
req->rq_cred = msg->rm_call.cb_cred;
req->rq_verf.oa_flavor = _null_auth.oa_flavor;
req->rq_verf.oa_length = 0;
cred_flavor = req->rq_cred.oa_flavor;
switch (cred_flavor) {
case RPCSEC_GSS:
{
rslt = _svcauth_gss(req, msg, no_dispatch);
}
return (rslt);
case AUTH_NONE:
rslt = _svcauth_none(req, msg);
return (rslt);
break;
case AUTH_SYS:
rslt = _svcauth_unix(req, msg);
return (rslt);
case AUTH_SHORT:
rslt = _svcauth_short(req, msg);
return (rslt);
#ifdef DES_BUILTIN
case AUTH_DES:
rslt = _svcauth_des(req, msg);
return (rslt);
#endif
default:
break;
}
/* flavor doesn't match any of the builtin types, so try new ones */
mutex_lock(&authsvc_lock);
for (asp = Auths; asp; asp = asp->next) {
if (asp->flavor == cred_flavor) {
enum auth_stat as;
as = (*asp->handler)(req, msg);
mutex_unlock(&authsvc_lock);
return (as);
}
}
mutex_unlock(&authsvc_lock);
return (AUTH_REJECTEDCRED);
}
