/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
307c478bdstevel@tonic-gate
317c478bdstevel@tonic-gate#include <stdio.h>
327c478bdstevel@tonic-gate#include <stdlib.h>
337c478bdstevel@tonic-gate#include <sys/types.h>
347c478bdstevel@tonic-gate#include <string.h>
357c478bdstevel@tonic-gate#include <sys/param.h>
367c478bdstevel@tonic-gate#include <sys/stat.h>
377c478bdstevel@tonic-gate#include <sys/file.h>
387c478bdstevel@tonic-gate#include <sys/time.h>
397c478bdstevel@tonic-gate#include <sys/errno.h>
407c478bdstevel@tonic-gate#include <rpcsvc/mount.h>
417c478bdstevel@tonic-gate#include <sys/pathconf.h>
427c478bdstevel@tonic-gate#include <sys/systeminfo.h>
437c478bdstevel@tonic-gate#include <sys/utsname.h>
447c478bdstevel@tonic-gate#include <arpa/inet.h>
457c478bdstevel@tonic-gate#include <signal.h>
467c478bdstevel@tonic-gate#include <syslog.h>
477c478bdstevel@tonic-gate#include <locale.h>
487c478bdstevel@tonic-gate#include <unistd.h>
497c478bdstevel@tonic-gate#include <thread.h>
507c478bdstevel@tonic-gate#include <netdir.h>
511cc5534rmesta#include <nfs/auth.h>
52a237e38th#include <sharefs/share.h>
5389621feMarcel Telka#include <alloca.h>
547c478bdstevel@tonic-gate#include "../lib/sharetab.h"
557c478bdstevel@tonic-gate#include "mountd.h"
567c478bdstevel@tonic-gate
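/*
 * Answer one NFSAUTH_ACCESS request: decide what access the client
 * described by argp gets to the export named by argp->req_path, and
 * store the verdict in result->auth_perm.
 *
 * The verdict is preset to NFSAUTH_DENIED, so every early return (no
 * client address, no matching export) fails closed.  On the normal path
 * check_client() supplies the verdict and fills in the server-side uid,
 * gid and gid list in result.
 */
static void
nfsauth_access(auth_req *argp, auth_res *result)
{
	struct netbuf nbuf;
	struct share *sh;
	struct cln cln;

	/* Default deny: the early returns below leave this verdict. */
	result->auth_perm = NFSAUTH_DENIED;

	/*
	 * Wrap the client address carried in the request.  maxlen is set
	 * too, so that no indeterminate field is handed to
	 * cln_init_lazy() through &nbuf.
	 */
	nbuf.len = argp->req_client.n_len;
	nbuf.buf = argp->req_client.n_bytes;
	nbuf.maxlen = nbuf.len;

	/* Without a client address there is nothing to match against. */
	if (nbuf.len == 0 || nbuf.buf == NULL)
		return;

	/*
	 * Find the export
	 *
	 * NOTE(review): req_path comes from the request and reaches
	 * syslog unmodified; confirm the door client cannot place
	 * control characters in it.
	 */
	sh = findentry(argp->req_path);
	if (sh == NULL) {
		syslog(LOG_ERR, "%s not exported", argp->req_path);
		return;
	}

	cln_init_lazy(&cln, argp->req_netid, &nbuf);

	result->auth_perm = check_client(sh, &cln, argp->req_flavor,
	    argp->req_clnt_uid, argp->req_clnt_gid, argp->req_clnt_gids.len,
	    argp->req_clnt_gids.val, &result->auth_srv_uid,
	    &result->auth_srv_gid, &result->auth_srv_gids.len,
	    &result->auth_srv_gids.val);

	/* The share entry is not referenced past this point. */
	sharefree(sh);

	/*
	 * Record denials.  NOTE(review): the message is written only
	 * when cln_gethost() yields a name; if it returns NULL the
	 * denial leaves no syslog record -- confirm that is intended.
	 */
	if (result->auth_perm == NFSAUTH_DENIED) {
		char *host = cln_gethost(&cln);
		if (host != NULL)
			syslog(LOG_ERR, "%s denied access to %s", host,
			    argp->req_path);
	}

	cln_fini(&cln);
}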
1011cc5534rmesta
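/*
 * Door server procedure for the nfsauth service.
 *
 * Decodes the XDR-encoded request in dataptr/arg_size, dispatches on the
 * command it carries, XDR-encodes the result and hands it back with
 * door_return().  cookie, dp and n_desc are not used.
 *
 * Outcome is reported in res.stat:
 *   NFSAUTH_DR_OKAY   - the command ran (the access verdict itself is
 *                       in res.ares)
 *   NFSAUTH_DR_DECERR - the arguments did not decode, or carry an
 *                       unsupported version
 *   NFSAUTH_DR_BADCMD - unknown command
 *   NFSAUTH_DR_EFAIL  - the result could not be sized or encoded; only
 *                       res.stat is then returned, as raw bytes rather
 *                       than XDR
 */
void
nfsauth_func(void *cookie, char *dataptr, size_t arg_size,
	door_desc_t *dp, uint_t n_desc)
{
	nfsauth_arg_t	*ap;
	nfsauth_res_t	 res = {0};
	XDR		 xdrs_a;
	XDR		 xdrs_r;
	size_t		 rbsz;
	caddr_t		 rbuf;
	varg_t		 varg = {0};

	/*
	 * Decode the inbound door data, so we can look at the cmd.
	 */
	xdrmem_create(&xdrs_a, dataptr, arg_size, XDR_DECODE);
	if (!xdr_varg(&xdrs_a, &varg)) {
		/*
		 * If the arguments can't be decoded, bail.  The message is
		 * passed through "%s" so that the translated text is never
		 * interpreted as a format string.
		 */
		if (varg.vers == V_ERROR)
			syslog(LOG_ERR, "%s", gettext("Arg version mismatch"));
		res.stat = NFSAUTH_DR_DECERR;
		goto encres;
	}

	/*
	 * Now set the args pointer to the proper version of the args
	 */
	switch (varg.vers) {
	case V_PROTO:
		ap = &varg.arg_u.arg;
		break;

	/* Additional arguments versions go here */

	default:
		/* As above: translated text goes in as data, not format. */
		syslog(LOG_ERR, "%s", gettext("Invalid args version"));
		res.stat = NFSAUTH_DR_DECERR;
		goto encres;
	}

	/*
	 * Call the specified cmd
	 */
	switch (ap->cmd) {
	case NFSAUTH_ACCESS:
		nfsauth_access(&ap->areq, &res.ares);
		res.stat = NFSAUTH_DR_OKAY;
		break;
	default:
		res.stat = NFSAUTH_DR_BADCMD;
		break;
	}

encres:
	/*
	 * Free space used to decode the args
	 */
	xdr_free(xdr_varg, (char *)&varg);
	xdr_destroy(&xdrs_a);

	/*
	 * Encode the results before passing thru door.
	 *
	 * The encode buffer is taken from this thread's stack and sized
	 * by the result itself.  NOTE(review): that size presumably grows
	 * with the gid list returned in res.ares -- confirm the list is
	 * bounded before it reaches alloca().
	 */
	rbsz = xdr_sizeof(xdr_nfsauth_res, &res);
	if (rbsz == 0)
		goto failed;	/* xdrs_r does not exist yet: no destroy */
	rbuf = alloca(rbsz);

	xdrmem_create(&xdrs_r, rbuf, rbsz, XDR_ENCODE);
	if (!xdr_nfsauth_res(&xdrs_r, &res)) {
		xdr_destroy(&xdrs_r);
failed:
		/* Release what hangs off res before reusing res.stat. */
		xdr_free(xdr_nfsauth_res, (char *)&res);
		/*
		 * return only the status code
		 */
		res.stat = NFSAUTH_DR_EFAIL;
		rbsz = sizeof (uint_t);
		rbuf = (caddr_t)&res.stat;

		goto out;
	}
	xdr_destroy(&xdrs_r);
	xdr_free(xdr_nfsauth_res, (char *)&res);

out:
	/*
	 * door_return() does not come back on success.  The second call
	 * runs only if the first one failed, and returns no data.
	 */
	(void) door_return((char *)rbuf, rbsz, NULL, 0);
	(void) door_return(NULL, 0, NULL, 0);
	/* NOTREACHED */
}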