authorVallish Vaidyeshwara <Vallish.Vaidyeshwara@Sun.COM>2009-01-28 10:16:13 -0800
committerVallish Vaidyeshwara <Vallish.Vaidyeshwara@Sun.COM>2009-01-28 10:16:13 -0800
commit33f285ae904939ecef3a4a660b9e72942e10d37d (patch)
tree2af237bce07a89934cd4a6fb3a9b776c37bd16b4
parentac05c741c43aa3e2f9b2f35878d03c299ff80d99 (diff)
downloadillumos-joyent-33f285ae904939ecef3a4a660b9e72942e10d37d.tar.gz
6790413 AUTH_NONE implementation in kernel RPC
-rw-r--r--usr/src/uts/common/Makefile.files2
-rw-r--r--usr/src/uts/common/rpc/auth.h7
-rw-r--r--usr/src/uts/common/rpc/sec/auth_none.c148
-rw-r--r--usr/src/uts/common/rpc/sec/sec_clnt.c15
4 files changed, 162 insertions, 10 deletions
diff --git a/usr/src/uts/common/Makefile.files b/usr/src/uts/common/Makefile.files
index 9ec6b3a29b..bc0664cdca 100644
--- a/usr/src/uts/common/Makefile.files
+++ b/usr/src/uts/common/Makefile.files
@@ -1438,7 +1438,7 @@ PCIC_OBJS += pcic.o
PEM_OBJS += pem.o
RPCSEC_OBJS += secmod.o sec_clnt.o sec_svc.o sec_gen.o \
- auth_des.o auth_kern.o auth_loopb.o\
+ auth_des.o auth_kern.o auth_none.o auth_loopb.o\
authdesprt.o authdesubr.o authu_prot.o \
key_call.o key_prot.o svc_authu.o svcauthdes.o
diff --git a/usr/src/uts/common/rpc/auth.h b/usr/src/uts/common/rpc/auth.h
index ab82e7799f..1af0c65857 100644
--- a/usr/src/uts/common/rpc/auth.h
+++ b/usr/src/uts/common/rpc/auth.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
@@ -41,8 +41,6 @@
#ifndef _RPC_AUTH_H
#define _RPC_AUTH_H
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <rpc/xdr.h>
#include <rpc/clnt_stat.h>
#include <sys/cred.h>
@@ -319,6 +317,9 @@ extern struct opaque_auth _null_auth;
extern AUTH *authkern_create(void); /* takes no parameters */
extern int authkern_init(void *, void *, int);
extern struct kmem_cache *authkern_cache;
+extern AUTH *authnone_create(void); /* takes no parameters */
+extern int authnone_init(void *, void *, int);
+extern struct kmem_cache *authnone_cache;
extern AUTH *authloopback_create(void); /* takes no parameters */
extern int authloopback_init(void *, void *, int);
extern struct kmem_cache *authloopback_cache;
diff --git a/usr/src/uts/common/rpc/sec/auth_none.c b/usr/src/uts/common/rpc/sec/auth_none.c
new file mode 100644
index 0000000000..584a1a050e
--- /dev/null
+++ b/usr/src/uts/common/rpc/sec/auth_none.c
@@ -0,0 +1,148 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * auth_none.c implements routines used to pass "null" credentials
+ * and "null" verifiers in kernel RPC.
+ */
+
+#include <rpc/auth.h>
+
+/*
+ * Null authenticator operations vector
+ */
+static void authnone_nextverf(AUTH *);
+static bool_t authnone_marshal(AUTH *, XDR *, struct cred *);
+static bool_t authnone_validate(AUTH *, struct opaque_auth *);
+static bool_t authnone_refresh(AUTH *, struct rpc_msg *, cred_t *);
+static void authnone_destroy(AUTH *);
+
+static struct auth_ops auth_none_ops = {
+ authnone_nextverf,
+ authnone_marshal,
+ authnone_validate,
+ authnone_refresh,
+ authnone_destroy,
+ authany_wrap,
+ authany_unwrap
+};
+
+/*
+ * Create a kernel null style authenticator.
+ * Returns an auth handle.
+ */
+AUTH *
+authnone_create(void)
+{
+ /*
+ * Allocate and set up auth handle
+ */
+ return (kmem_cache_alloc(authnone_cache, KM_SLEEP));
+}
+
+/*
+ * The constructor of the authnone_cache.
+ */
+/* ARGSUSED */
+int
+authnone_init(void *buf, void *cdrarg, int kmflags)
+{
+ AUTH *auth = (AUTH *)buf;
+
+ auth->ah_ops = &auth_none_ops;
+
+ /*
+ * Flavor of RPC message's credential and verifier should be set to
+ * AUTH_NONE. Opaque data associated with AUTH_NONE is undefined.
+ * The length of the opaque data should be zero.
+ * oa_flavor = AUTH_NONE
+ * oa_base = NULL
+ * oa_length = 0
+ */
+ auth->ah_cred = auth->ah_verf = _null_auth;
+
+ return (0);
+}
+
+/*
+ * authnone operations
+ */
+/* ARGSUSED */
+static void
+authnone_nextverf(AUTH *auth)
+{
+ /* no action necessary */
+}
+
+/* ARGSUSED */
+static bool_t
+authnone_marshal(AUTH *auth, XDR *xdrs, struct cred *cr)
+{
+ int32_t *ptr;
+
+ /*
+ * auth_none has no opaque data. Encode auth_none
+ * value with 0 len data for both cred and verf.
+ * We first try a fast path to complete this operation.
+ */
+ ptr = XDR_INLINE(xdrs, 4 + 4 + 4 + 4);
+ if (ptr) {
+ IXDR_PUT_INT32(ptr, AUTH_NONE);
+ IXDR_PUT_INT32(ptr, 0);
+ IXDR_PUT_INT32(ptr, AUTH_NONE);
+ IXDR_PUT_INT32(ptr, 0);
+ return (TRUE);
+ }
+
+ /*
+ * serialize AUTH_NONE credential and AUTH_NONE verifier
+ */
+ if ((xdr_opaque_auth(xdrs, &(auth->ah_cred))) &&
+ (xdr_opaque_auth(xdrs, &(auth->ah_verf))))
+ return (TRUE);
+ else
+ return (FALSE);
+}
+
+/* ARGSUSED */
+static bool_t
+authnone_validate(AUTH *auth, struct opaque_auth *verf)
+{
+ return (TRUE);
+}
+
+/* ARGSUSED */
+static bool_t
+authnone_refresh(AUTH *auth, struct rpc_msg *msg, cred_t *cr)
+{
+ return (FALSE);
+}
+
+static void
+authnone_destroy(AUTH *auth)
+{
+ kmem_cache_free(authnone_cache, auth);
+}
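Review bot: `authnone_validate` returns TRUE without looking at `verf`, so any verifier in a server reply is accepted, and nothing in the file says so. That is all AUTH_NONE can offer, but it should be stated where a maintainer will read it; above the function I would add `/* AUTH_NONE: the reply verifier is not inspected, so this flavor gives no server authentication or reply integrity. */`. In `authnone_marshal` the fast path writes literal `AUTH_NONE`/`0` pairs while the fallback serializes `auth->ah_cred` and `auth->ah_verf`, so a one-line comment that both fields must stay equal to `_null_auth` would keep the two paths from drifting apart. The inline size would also read better as `4 * BYTES_PER_XDR_UNIT` than as `4 + 4 + 4 + 4`.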
diff --git a/usr/src/uts/common/rpc/sec/sec_clnt.c b/usr/src/uts/common/rpc/sec/sec_clnt.c
index e73c723142..94f6ad906f 100644
--- a/usr/src/uts/common/rpc/sec/sec_clnt.c
+++ b/usr/src/uts/common/rpc/sec/sec_clnt.c
@@ -19,12 +19,10 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <sys/param.h>
#include <sys/types.h>
#include <sys/systm.h>
@@ -67,6 +65,8 @@ static uint_t authdes_win = 5*60; /* 5 minutes -- should be mount option */
struct kmem_cache *authkern_cache;
+struct kmem_cache *authnone_cache;
+
struct kmem_cache *authloopback_cache;
static struct desauthent {
@@ -445,9 +445,9 @@ sec_clnt_geth(CLIENT *client, struct sec_data *secdata, cred_t *cr, AUTH **ap)
switch (authflavor) {
case AUTH_NONE:
- /*
- * XXX: should do real AUTH_NONE, instead of AUTH_UNIX
- */
+ *ap = (AUTH *) authnone_create();
+ return ((*ap != NULL) ? 0 : EINTR);
+
case AUTH_UNIX:
*ap = (AUTH *) authkern_create();
return ((*ap != NULL) ? 0 : EINTR);
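Review bot: The `(*ap != NULL) ? 0 : EINTR` test in the new `AUTH_NONE` case looks unreachable, because `authnone_create()` in this commit allocates with `KM_SLEEP`, which blocks rather than returning NULL; the `(AUTH *)` cast is also redundant since the function is declared to return `AUTH *`. The pattern is copied from the `AUTH_UNIX` case below and is consistent with it, but `*ap = authnone_create();` followed by `return (0);` says what actually happens. Callers that select this flavor now send a null credential where they previously fell through to the AUTH_UNIX one, so a comment at the case label such as `/* null cred and verifier: the request carries no caller identity */` would make the consequence for server-side access decisions visible. `sec_clnt_geth` starts and ends outside this hunk.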
@@ -795,6 +795,8 @@ sec_subrinit(void)
{
authkern_cache = kmem_cache_create("authkern_cache",
sizeof (AUTH), 0, authkern_init, NULL, NULL, NULL, NULL, 0);
+ authnone_cache = kmem_cache_create("authnone_cache",
+ sizeof (AUTH), 0, authnone_init, NULL, NULL, NULL, NULL, 0);
authloopback_cache = kmem_cache_create("authloopback_cache",
sizeof (AUTH), 0, authloopback_init, NULL, NULL, NULL, NULL, 0);
mutex_init(&desauthtab_lock, NULL, MUTEX_DEFAULT, NULL);
@@ -814,6 +816,7 @@ sec_subrfini(void)
{
mutex_destroy(&desauthtab_lock);
kmem_cache_destroy(authkern_cache);
+ kmem_cache_destroy(authnone_cache);
kmem_cache_destroy(authloopback_cache);
/* RPC stuff */