net/sunrpc/auth_unix.c at v2.6.24-rc3

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / sunrpc / auth_unix.c
at v2.6.24-rc3 252 lines 5.8 kB view raw
wrap content
  1/*
  2 * linux/net/sunrpc/auth_unix.c
  3 *
  4 * UNIX-style authentication; no AUTH_SHORT support
  5 *
  6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
  7 */
  8
  9#include <linux/types.h>
 10#include <linux/sched.h>
 11#include <linux/module.h>
 12#include <linux/sunrpc/clnt.h>
 13#include <linux/sunrpc/auth.h>
 14
 15#define NFS_NGROUPS	16
 16
 17struct unx_cred {
 18	struct rpc_cred		uc_base;
 19	gid_t			uc_gid;
 20	gid_t			uc_gids[NFS_NGROUPS];
 21};
 22#define uc_uid			uc_base.cr_uid
 23
 24#define UNX_WRITESLACK		(21 + (UNX_MAXNODENAME >> 2))
 25
 26#ifdef RPC_DEBUG
 27# define RPCDBG_FACILITY	RPCDBG_AUTH
 28#endif
 29
 30static struct rpc_auth		unix_auth;
 31static struct rpc_cred_cache	unix_cred_cache;
 32static const struct rpc_credops	unix_credops;
 33
 34static struct rpc_auth *
 35unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
 36{
 37	dprintk("RPC:       creating UNIX authenticator for client %p\n",
 38			clnt);
 39	atomic_inc(&unix_auth.au_count);
 40	return &unix_auth;
 41}
 42
 43static void
 44unx_destroy(struct rpc_auth *auth)
 45{
 46	dprintk("RPC:       destroying UNIX authenticator %p\n", auth);
 47	rpcauth_clear_credcache(auth->au_credcache);
 48}
 49
 50/*
 51 * Lookup AUTH_UNIX creds for current process
 52 */
 53static struct rpc_cred *
 54unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
 55{
 56	return rpcauth_lookup_credcache(auth, acred, flags);
 57}
 58
 59static struct rpc_cred *
 60unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
 61{
 62	struct unx_cred	*cred;
 63	int		i;
 64
 65	dprintk("RPC:       allocating UNIX cred for uid %d gid %d\n",
 66			acred->uid, acred->gid);
 67
 68	if (!(cred = kmalloc(sizeof(*cred), GFP_KERNEL)))
 69		return ERR_PTR(-ENOMEM);
 70
 71	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);
 72	cred->uc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
 73	if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {
 74		cred->uc_uid = 0;
 75		cred->uc_gid = 0;
 76		cred->uc_gids[0] = NOGROUP;
 77	} else {
 78		int groups = acred->group_info->ngroups;
 79		if (groups > NFS_NGROUPS)
 80			groups = NFS_NGROUPS;
 81
 82		cred->uc_gid = acred->gid;
 83		for (i = 0; i < groups; i++)
 84			cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
 85		if (i < NFS_NGROUPS)
 86		  cred->uc_gids[i] = NOGROUP;
 87	}
 88
 89	return &cred->uc_base;
 90}
 91
 92static void
 93unx_free_cred(struct unx_cred *unx_cred)
 94{
 95	dprintk("RPC:       unx_free_cred %p\n", unx_cred);
 96	kfree(unx_cred);
 97}
 98
 99static void
100unx_free_cred_callback(struct rcu_head *head)
101{
102	struct unx_cred *unx_cred = container_of(head, struct unx_cred, uc_base.cr_rcu);
103	unx_free_cred(unx_cred);
104}
105
106static void
107unx_destroy_cred(struct rpc_cred *cred)
108{
109	call_rcu(&cred->cr_rcu, unx_free_cred_callback);
110}
111
112/*
113 * Match credentials against current process creds.
114 * The root_override argument takes care of cases where the caller may
115 * request root creds (e.g. for NFS swapping).
116 */
117static int
118unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
119{
120	struct unx_cred	*cred = container_of(rcred, struct unx_cred, uc_base);
121	int		i;
122
123	if (!(flags & RPCAUTH_LOOKUP_ROOTCREDS)) {
124		int groups;
125
126		if (cred->uc_uid != acred->uid
127		 || cred->uc_gid != acred->gid)
128			return 0;
129
130		groups = acred->group_info->ngroups;
131		if (groups > NFS_NGROUPS)
132			groups = NFS_NGROUPS;
133		for (i = 0; i < groups ; i++)
134			if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
135				return 0;
136		return 1;
137	}
138	return (cred->uc_uid == 0
139	     && cred->uc_gid == 0
140	     && cred->uc_gids[0] == (gid_t) NOGROUP);
141}
142
143/*
144 * Marshal credentials.
145 * Maybe we should keep a cached credential for performance reasons.
146 */
147static __be32 *
148unx_marshal(struct rpc_task *task, __be32 *p)
149{
150	struct rpc_clnt	*clnt = task->tk_client;
151	struct unx_cred	*cred = container_of(task->tk_msg.rpc_cred, struct unx_cred, uc_base);
152	__be32		*base, *hold;
153	int		i;
154
155	*p++ = htonl(RPC_AUTH_UNIX);
156	base = p++;
157	*p++ = htonl(jiffies/HZ);
158
159	/*
160	 * Copy the UTS nodename captured when the client was created.
161	 */
162	p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
163
164	*p++ = htonl((u32) cred->uc_uid);
165	*p++ = htonl((u32) cred->uc_gid);
166	hold = p++;
167	for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
168		*p++ = htonl((u32) cred->uc_gids[i]);
169	*hold = htonl(p - hold - 1);		/* gid array length */
170	*base = htonl((p - base - 1) << 2);	/* cred length */
171
172	*p++ = htonl(RPC_AUTH_NULL);
173	*p++ = htonl(0);
174
175	return p;
176}
177
178/*
179 * Refresh credentials. This is a no-op for AUTH_UNIX
180 */
181static int
182unx_refresh(struct rpc_task *task)
183{
184	set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_msg.rpc_cred->cr_flags);
185	return 0;
186}
187
188static __be32 *
189unx_validate(struct rpc_task *task, __be32 *p)
190{
191	rpc_authflavor_t	flavor;
192	u32			size;
193
194	flavor = ntohl(*p++);
195	if (flavor != RPC_AUTH_NULL &&
196	    flavor != RPC_AUTH_UNIX &&
197	    flavor != RPC_AUTH_SHORT) {
198		printk("RPC: bad verf flavor: %u\n", flavor);
199		return NULL;
200	}
201
202	size = ntohl(*p++);
203	if (size > RPC_MAX_AUTH_SIZE) {
204		printk("RPC: giant verf size: %u\n", size);
205		return NULL;
206	}
207	task->tk_msg.rpc_cred->cr_auth->au_rslack = (size >> 2) + 2;
208	p += (size >> 2);
209
210	return p;
211}
212
213void __init rpc_init_authunix(void)
214{
215	spin_lock_init(&unix_cred_cache.lock);
216}
217
218const struct rpc_authops authunix_ops = {
219	.owner		= THIS_MODULE,
220	.au_flavor	= RPC_AUTH_UNIX,
221#ifdef RPC_DEBUG
222	.au_name	= "UNIX",
223#endif
224	.create		= unx_create,
225	.destroy	= unx_destroy,
226	.lookup_cred	= unx_lookup_cred,
227	.crcreate	= unx_create_cred,
228};
229
230static
231struct rpc_cred_cache	unix_cred_cache = {
232};
233
234static
235struct rpc_auth		unix_auth = {
236	.au_cslack	= UNX_WRITESLACK,
237	.au_rslack	= 2,			/* assume AUTH_NULL verf */
238	.au_ops		= &authunix_ops,
239	.au_flavor	= RPC_AUTH_UNIX,
240	.au_count	= ATOMIC_INIT(0),
241	.au_credcache	= &unix_cred_cache,
242};
243
244static
245const struct rpc_credops unix_credops = {
246	.cr_name	= "AUTH_UNIX",
247	.crdestroy	= unx_destroy_cred,
248	.crmatch	= unx_match,
249	.crmarshal	= unx_marshal,
250	.crrefresh	= unx_refresh,
251	.crvalidate	= unx_validate,
252};
Configure Feed

Configure Feed
