1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
24 */
25
26/*
27 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
28 * Use is subject to license terms.
29 */
30
31#include <stdio.h>
32#include <stdlib.h>
33#include <sys/types.h>
34#include <string.h>
35#include <sys/param.h>
36#include <sys/stat.h>
37#include <sys/file.h>
38#include <sys/time.h>
39#include <sys/errno.h>
40#include <rpcsvc/mount.h>
41#include <sys/pathconf.h>
42#include <sys/systeminfo.h>
43#include <sys/utsname.h>
44#include <arpa/inet.h>
45#include <signal.h>
46#include <syslog.h>
47#include <locale.h>
48#include <unistd.h>
49#include <thread.h>
50#include <netdir.h>
51#include <nfs/auth.h>
52#include <sharefs/share.h>
53#include <alloca.h>
54#include "../lib/sharetab.h"
55#include "mountd.h"
56
57static void
58nfsauth_access(auth_req *argp, auth_res *result)
59{
60	struct netbuf nbuf;
61	struct share *sh;
62
63	struct cln cln;
64
65	result->auth_perm = NFSAUTH_DENIED;
66
67	nbuf.len = argp->req_client.n_len;
68	nbuf.buf = argp->req_client.n_bytes;
69
70	if (nbuf.len == 0 || nbuf.buf == NULL)
71		return;
72
73	/*
74	 * Find the export
75	 */
76	sh = findentry(argp->req_path);
77	if (sh == NULL) {
78		syslog(LOG_ERR, "%s not exported", argp->req_path);
79		return;
80	}
81
82	cln_init_lazy(&cln, argp->req_netid, &nbuf);
83
84	result->auth_perm = check_client(sh, &cln, argp->req_flavor,
85	    argp->req_clnt_uid, argp->req_clnt_gid, argp->req_clnt_gids.len,
86	    argp->req_clnt_gids.val, &result->auth_srv_uid,
87	    &result->auth_srv_gid, &result->auth_srv_gids.len,
88	    &result->auth_srv_gids.val);
89
90	sharefree(sh);
91
92	if (result->auth_perm == NFSAUTH_DENIED) {
93		char *host = cln_gethost(&cln);
94		if (host != NULL)
95			syslog(LOG_ERR, "%s denied access to %s", host,
96			    argp->req_path);
97	}
98
99	cln_fini(&cln);
100}
101
102void
103nfsauth_func(void *cookie, char *dataptr, size_t arg_size,
104	door_desc_t *dp, uint_t n_desc)
105
106{
107	nfsauth_arg_t	*ap;
108	nfsauth_res_t	 res = {0};
109	XDR		 xdrs_a;
110	XDR		 xdrs_r;
111	size_t		 rbsz;
112	caddr_t		 rbuf;
113	varg_t		 varg = {0};
114
115	/*
116	 * Decode the inbound door data, so we can look at the cmd.
117	 */
118	xdrmem_create(&xdrs_a, dataptr, arg_size, XDR_DECODE);
119	if (!xdr_varg(&xdrs_a, &varg)) {
120		/*
121		 * If the arguments can't be decoded, bail.
122		 */
123		if (varg.vers == V_ERROR)
124			syslog(LOG_ERR, gettext("Arg version mismatch"));
125		res.stat = NFSAUTH_DR_DECERR;
126		goto encres;
127	}
128
129	/*
130	 * Now set the args pointer to the proper version of the args
131	 */
132	switch (varg.vers) {
133	case V_PROTO:
134		ap = &varg.arg_u.arg;
135		break;
136
137	/* Additional arguments versions go here */
138
139	default:
140		syslog(LOG_ERR, gettext("Invalid args version"));
141		res.stat = NFSAUTH_DR_DECERR;
142		goto encres;
143	}
144
145	/*
146	 * Call the specified cmd
147	 */
148	switch (ap->cmd) {
149	case NFSAUTH_ACCESS:
150		nfsauth_access(&ap->areq, &res.ares);
151		res.stat = NFSAUTH_DR_OKAY;
152		break;
153	default:
154		res.stat = NFSAUTH_DR_BADCMD;
155		break;
156	}
157
158encres:
159	/*
160	 * Free space used to decode the args
161	 */
162	xdr_free(xdr_varg, (char *)&varg);
163	xdr_destroy(&xdrs_a);
164
165	/*
166	 * Encode the results before passing thru door.
167	 */
168	rbsz = xdr_sizeof(xdr_nfsauth_res, &res);
169	if (rbsz == 0)
170		goto failed;
171	rbuf = alloca(rbsz);
172
173	xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE);
174	if (!xdr_nfsauth_res(&xdrs_r, &res)) {
175		xdr_destroy(&xdrs_r);
176failed:
177		xdr_free(xdr_nfsauth_res, (char *)&res);
178		/*
179		 * return only the status code
180		 */
181		res.stat = NFSAUTH_DR_EFAIL;
182		rbsz = sizeof (uint_t);
183		rbuf = (caddr_t)&res.stat;
184
185		goto out;
186	}
187	xdr_destroy(&xdrs_r);
188	xdr_free(xdr_nfsauth_res, (char *)&res);
189
190out:
191	(void) door_return((char *)rbuf, rbsz, NULL, 0);
192	(void) door_return(NULL, 0, NULL, 0);
193	/* NOTREACHED */
194}
195