Linux-2.6.12-rc2v2.6.12-rc2

Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
author: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-04-16 18:20:36 -0400
committer: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-04-16 18:20:36 -0400
commit: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch)
tree: 0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/sunrpc/svcauth_unix.c
1 files changed, 502 insertions, 0 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
new file mode 100644
index 000000000000..2b99b4028d31
--- /dev/null
+++ b/net/sunrpc/svcauth_unix.c
@@ -0,0 +1,502 @@
+#include <linux/types.h>
+#include <linux/sched.h>
+#include <linux/module.h>
+#include <linux/sunrpc/types.h>
+#include <linux/sunrpc/xdr.h>
+#include <linux/sunrpc/svcsock.h>
+#include <linux/sunrpc/svcauth.h>
+#include <linux/err.h>
+#include <linux/seq_file.h>
+#include <linux/hash.h>
+#define RPCDBG_FACILITY RPCDBG_AUTH
+/*
+ * AUTHUNIX and AUTHNULL credentials are both handled here.
+ * AUTHNULL is treated just like AUTHUNIX except that the uid/gid
+ * are always nobody (-2).  i.e. we do the same IP address checks for
+ * AUTHNULL as for AUTHUNIX, and that is done here.
+ */
+static char *strdup(char *s)
+{
+        char *rv = kmalloc(strlen(s)+1, GFP_KERNEL);
+        if (rv)
+                strcpy(rv, s);
+        return rv;
+}
+struct unix_domain {
+        struct auth_domain      h;
+        int     addr_changes;
+        /* other stuff later */
+};
+struct auth_domain *unix_domain_find(char *name)
+{
+        struct auth_domain *rv, ud;
+        struct unix_domain *new;
+        ud.name = name;
+        
+        rv = auth_domain_lookup(&ud, 0);
+ foundit:
+        if (rv && rv->flavour != RPC_AUTH_UNIX) {
+                auth_domain_put(rv);
+                return NULL;
+        }
+        if (rv)
+                return rv;
+        new = kmalloc(sizeof(*new), GFP_KERNEL);
+        if (new == NULL)
+                return NULL;
+        cache_init(&new->h.h);
+        new->h.name = strdup(name);
+        new->h.flavour = RPC_AUTH_UNIX;
+        new->addr_changes = 0;
+        new->h.h.expiry_time = NEVER;
+        rv = auth_domain_lookup(&new->h, 2);
+        if (rv == &new->h) {
+                if (atomic_dec_and_test(&new->h.h.refcnt)) BUG();
+        } else {
+                auth_domain_put(&new->h);
+                goto foundit;
+        }
+        return rv;
+}
+static void svcauth_unix_domain_release(struct auth_domain *dom)
+{
+        struct unix_domain *ud = container_of(dom, struct unix_domain, h);
+        kfree(dom->name);
+        kfree(ud);
+}
+/**************************************************
+ * cache for IP address to unix_domain
+ * as needed by AUTH_UNIX
+ */
+#define IP_HASHBITS     8
+#define IP_HASHMAX      (1<<IP_HASHBITS)
+#define IP_HASHMASK     (IP_HASHMAX-1)
+struct ip_map {
+        struct cache_head       h;
+        char                    m_class[8]; /* e.g. "nfsd" */
+        struct in_addr          m_addr;
+        struct unix_domain      *m_client;
+        int                     m_add_change;
+};
+static struct cache_head        *ip_table[IP_HASHMAX];
+static void ip_map_put(struct cache_head *item, struct cache_detail *cd)
+{
+        struct ip_map *im = container_of(item, struct ip_map,h);
+        if (cache_put(item, cd)) {
+                if (test_bit(CACHE_VALID, &item->flags) &&
+                    !test_bit(CACHE_NEGATIVE, &item->flags))
+                        auth_domain_put(&im->m_client->h);
+                kfree(im);
+        }
+}
+static inline int ip_map_hash(struct ip_map *item)
+{
+        return hash_str(item->m_class, IP_HASHBITS) ^ 
+                hash_long((unsigned long)item->m_addr.s_addr, IP_HASHBITS);
+}
+static inline int ip_map_match(struct ip_map *item, struct ip_map *tmp)
+{
+        return strcmp(tmp->m_class, item->m_class) == 0
+                && tmp->m_addr.s_addr == item->m_addr.s_addr;
+}
+static inline void ip_map_init(struct ip_map *new, struct ip_map *item)
+{
+        strcpy(new->m_class, item->m_class);
+        new->m_addr.s_addr = item->m_addr.s_addr;
+}
+static inline void ip_map_update(struct ip_map *new, struct ip_map *item)
+{
+        cache_get(&item->m_client->h.h);
+        new->m_client = item->m_client;
+        new->m_add_change = item->m_add_change;
+}
+static void ip_map_request(struct cache_detail *cd,
+                                  struct cache_head *h,
+                                  char **bpp, int *blen)
+{
+        char text_addr[20];
+        struct ip_map *im = container_of(h, struct ip_map, h);
+        __u32 addr = im->m_addr.s_addr;
+        
+        snprintf(text_addr, 20, "%u.%u.%u.%u",
+                 ntohl(addr) >> 24 & 0xff,
+                 ntohl(addr) >> 16 & 0xff,
+                 ntohl(addr) >>  8 & 0xff,
+                 ntohl(addr) >>  0 & 0xff);
+        qword_add(bpp, blen, im->m_class);
+        qword_add(bpp, blen, text_addr);
+        (*bpp)[-1] = '\n';
+}
+static struct ip_map *ip_map_lookup(struct ip_map *, int);
+static int ip_map_parse(struct cache_detail *cd,
+                          char *mesg, int mlen)
+{
+        /* class ipaddress [domainname] */
+        /* should be safe just to use the start of the input buffer
+         * for scratch: */
+        char *buf = mesg;
+        int len;
+        int b1,b2,b3,b4;
+        char c;
+        struct ip_map ipm, *ipmp;
+        struct auth_domain *dom;
+        time_t expiry;
+        if (mesg[mlen-1] != '\n')
+                return -EINVAL;
+        mesg[mlen-1] = 0;
+        /* class */
+        len = qword_get(&mesg, ipm.m_class, sizeof(ipm.m_class));
+        if (len <= 0) return -EINVAL;
+        /* ip address */
+        len = qword_get(&mesg, buf, mlen);
+        if (len <= 0) return -EINVAL;
+        if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
+                return -EINVAL;
+        
+        expiry = get_expiry(&mesg);
+        if (expiry ==0)
+                return -EINVAL;
+        /* domainname, or empty for NEGATIVE */
+        len = qword_get(&mesg, buf, mlen);
+        if (len < 0) return -EINVAL;
+        if (len) {
+                dom = unix_domain_find(buf);
+                if (dom == NULL)
+                        return -ENOENT;
+        } else
+                dom = NULL;
+        ipm.m_addr.s_addr =
+                htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
+        ipm.h.flags = 0;
+        if (dom) {
+                ipm.m_client = container_of(dom, struct unix_domain, h);
+                ipm.m_add_change = ipm.m_client->addr_changes;
+        } else
+                set_bit(CACHE_NEGATIVE, &ipm.h.flags);
+        ipm.h.expiry_time = expiry;
+        ipmp = ip_map_lookup(&ipm, 1);
+        if (ipmp)
+                ip_map_put(&ipmp->h, &ip_map_cache);
+        if (dom)
+                auth_domain_put(dom);
+        if (!ipmp)
+                return -ENOMEM;
+        cache_flush();
+        return 0;
+}
+static int ip_map_show(struct seq_file *m,
+                       struct cache_detail *cd,
+                       struct cache_head *h)
+{
+        struct ip_map *im;
+        struct in_addr addr;
+        char *dom = "-no-domain-";
+        if (h == NULL) {
+                seq_puts(m, "#class IP domain\n");
+                return 0;
+        }
+        im = container_of(h, struct ip_map, h);
+        /* class addr domain */
+        addr = im->m_addr;
+        if (test_bit(CACHE_VALID, &h->flags) && 
+            !test_bit(CACHE_NEGATIVE, &h->flags))
+                dom = im->m_client->h.name;
+        seq_printf(m, "%s %d.%d.%d.%d %s\n",
+                   im->m_class,
+                   htonl(addr.s_addr) >> 24 & 0xff,
+                   htonl(addr.s_addr) >> 16 & 0xff,
+                   htonl(addr.s_addr) >>  8 & 0xff,
+                   htonl(addr.s_addr) >>  0 & 0xff,
+                   dom
+                   );
+        return 0;
+}
+        
+struct cache_detail ip_map_cache = {
+        .hash_size      = IP_HASHMAX,
+        .hash_table     = ip_table,
+        .name           = "auth.unix.ip",
+        .cache_put      = ip_map_put,
+        .cache_request  = ip_map_request,
+        .cache_parse    = ip_map_parse,
+        .cache_show     = ip_map_show,
+};
+static DefineSimpleCacheLookup(ip_map, 0)
+int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom)
+{
+        struct unix_domain *udom;
+        struct ip_map ip, *ipmp;
+        if (dom->flavour != RPC_AUTH_UNIX)
+                return -EINVAL;
+        udom = container_of(dom, struct unix_domain, h);
+        strcpy(ip.m_class, "nfsd");
+        ip.m_addr = addr;
+        ip.m_client = udom;
+        ip.m_add_change = udom->addr_changes+1;
+        ip.h.flags = 0;
+        ip.h.expiry_time = NEVER;
+        
+        ipmp = ip_map_lookup(&ip, 1);
+        if (ipmp) {
+                ip_map_put(&ipmp->h, &ip_map_cache);
+                return 0;
+        } else
+                return -ENOMEM;
+}
+int auth_unix_forget_old(struct auth_domain *dom)
+{
+        struct unix_domain *udom;
+        
+        if (dom->flavour != RPC_AUTH_UNIX)
+                return -EINVAL;
+        udom = container_of(dom, struct unix_domain, h);
+        udom->addr_changes++;
+        return 0;
+}
+struct auth_domain *auth_unix_lookup(struct in_addr addr)
+{
+        struct ip_map key, *ipm;
+        struct auth_domain *rv;
+        strcpy(key.m_class, "nfsd");
+        key.m_addr = addr;
+        ipm = ip_map_lookup(&key, 0);
+        if (!ipm)
+                return NULL;
+        if (cache_check(&ip_map_cache, &ipm->h, NULL))
+                return NULL;
+        if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
+                if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0)
+                        auth_domain_put(&ipm->m_client->h);
+                rv = NULL;
+        } else {
+                rv = &ipm->m_client->h;
+                cache_get(&rv->h);
+        }
+        ip_map_put(&ipm->h, &ip_map_cache);
+        return rv;
+}
+void svcauth_unix_purge(void)
+{
+        cache_purge(&ip_map_cache);
+        cache_purge(&auth_domain_cache);
+}
+static int
+svcauth_unix_set_client(struct svc_rqst *rqstp)
+{
+        struct ip_map key, *ipm;
+        rqstp->rq_client = NULL;
+        if (rqstp->rq_proc == 0)
+                return SVC_OK;
+        strcpy(key.m_class, rqstp->rq_server->sv_program->pg_class);
+        key.m_addr = rqstp->rq_addr.sin_addr;
+        ipm = ip_map_lookup(&key, 0);
+        if (ipm == NULL)
+                return SVC_DENIED;
+        switch (cache_check(&ip_map_cache, &ipm->h, &rqstp->rq_chandle)) {
+                default:
+                        BUG();
+                case -EAGAIN:
+                        return SVC_DROP;
+                case -ENOENT:
+                        return SVC_DENIED;
+                case 0:
+                        rqstp->rq_client = &ipm->m_client->h;
+                        cache_get(&rqstp->rq_client->h);
+                        ip_map_put(&ipm->h, &ip_map_cache);
+                        break;
+        }
+        return SVC_OK;
+}
+static int
+svcauth_null_accept(struct svc_rqst *rqstp, u32 *authp)
+{
+        struct kvec     *argv = &rqstp->rq_arg.head[0];
+        struct kvec     *resv = &rqstp->rq_res.head[0];
+        struct svc_cred *cred = &rqstp->rq_cred;
+        cred->cr_group_info = NULL;
+        rqstp->rq_client = NULL;
+        if (argv->iov_len < 3*4)
+                return SVC_GARBAGE;
+        if (svc_getu32(argv) != 0) { 
+                dprintk("svc: bad null cred\n");
+                *authp = rpc_autherr_badcred;
+                return SVC_DENIED;
+        }
+        if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
+                dprintk("svc: bad null verf\n");
+                *authp = rpc_autherr_badverf;
+                return SVC_DENIED;
+        }
+        /* Signal that mapping to nobody uid/gid is required */
+        cred->cr_uid = (uid_t) -1;
+        cred->cr_gid = (gid_t) -1;
+        cred->cr_group_info = groups_alloc(0);
+        if (cred->cr_group_info == NULL)
+                return SVC_DROP; /* kmalloc failure - client must retry */
+        /* Put NULL verifier */
+        svc_putu32(resv, RPC_AUTH_NULL);
+        svc_putu32(resv, 0);
+        return SVC_OK;
+}
+static int
+svcauth_null_release(struct svc_rqst *rqstp)
+{
+        if (rqstp->rq_client)
+                auth_domain_put(rqstp->rq_client);
+        rqstp->rq_client = NULL;
+        if (rqstp->rq_cred.cr_group_info)
+                put_group_info(rqstp->rq_cred.cr_group_info);
+        rqstp->rq_cred.cr_group_info = NULL;
+        return 0; /* don't drop */
+}
+struct auth_ops svcauth_null = {
+        .name           = "null",
+        .owner          = THIS_MODULE,
+        .flavour        = RPC_AUTH_NULL,
+        .accept         = svcauth_null_accept,
+        .release        = svcauth_null_release,
+        .set_client     = svcauth_unix_set_client,
+};
+static int
+svcauth_unix_accept(struct svc_rqst *rqstp, u32 *authp)
+{
+        struct kvec     *argv = &rqstp->rq_arg.head[0];
+        struct kvec     *resv = &rqstp->rq_res.head[0];
+        struct svc_cred *cred = &rqstp->rq_cred;
+        u32             slen, i;
+        int             len   = argv->iov_len;
+        cred->cr_group_info = NULL;
+        rqstp->rq_client = NULL;
+        if ((len -= 3*4) < 0)
+                return SVC_GARBAGE;
+        svc_getu32(argv);                       /* length */
+        svc_getu32(argv);                       /* time stamp */
+        slen = XDR_QUADLEN(ntohl(svc_getu32(argv)));    /* machname length */
+        if (slen > 64 || (len -= (slen + 3)*4) < 0)
+                goto badcred;
+        argv->iov_base = (void*)((u32*)argv->iov_base + slen);  /* skip machname */
+        argv->iov_len -= slen*4;
+        cred->cr_uid = ntohl(svc_getu32(argv));         /* uid */
+        cred->cr_gid = ntohl(svc_getu32(argv));         /* gid */
+        slen = ntohl(svc_getu32(argv));                 /* gids length */
+        if (slen > 16 || (len -= (slen + 2)*4) < 0)
+                goto badcred;
+        cred->cr_group_info = groups_alloc(slen);
+        if (cred->cr_group_info == NULL)
+                return SVC_DROP;
+        for (i = 0; i < slen; i++)
+                GROUP_AT(cred->cr_group_info, i) = ntohl(svc_getu32(argv));
+        if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
+                *authp = rpc_autherr_badverf;
+                return SVC_DENIED;
+        }
+        /* Put NULL verifier */
+        svc_putu32(resv, RPC_AUTH_NULL);
+        svc_putu32(resv, 0);
+        return SVC_OK;
+badcred:
+        *authp = rpc_autherr_badcred;
+        return SVC_DENIED;
+}
+static int
+svcauth_unix_release(struct svc_rqst *rqstp)
+{
+        /* Verifier (such as it is) is already in place.
+         */
+        if (rqstp->rq_client)
+                auth_domain_put(rqstp->rq_client);
+        rqstp->rq_client = NULL;
+        if (rqstp->rq_cred.cr_group_info)
+                put_group_info(rqstp->rq_cred.cr_group_info);
+        rqstp->rq_cred.cr_group_info = NULL;
+        return 0;
+}
+struct auth_ops svcauth_unix = {
+        .name           = "unix",
+        .owner          = THIS_MODULE,
+        .flavour        = RPC_AUTH_UNIX,
+        .accept         = svcauth_unix_accept,
+        .release        = svcauth_unix_release,
+        .domain_release = svcauth_unix_domain_release,
+        .set_client     = svcauth_unix_set_client,
+};
author	Linus Torvalds <torvalds@ppc970.osdl.org>	2005-04-16 18:20:36 -0400
committer	Linus Torvalds <torvalds@ppc970.osdl.org>	2005-04-16 18:20:36 -0400
commit	1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch)
tree	0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/sunrpc/svcauth_unix.c

diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c new file mode 100644 index 000000000000..2b99b4028d31 --- /dev/null +++ b/net/sunrpc/svcauth_unix.c
@@ -0,0 +1,502 @@
	1	#include <linux/types.h>
	2	#include <linux/sched.h>
	3	#include <linux/module.h>
	4	#include <linux/sunrpc/types.h>
	5	#include <linux/sunrpc/xdr.h>
	6	#include <linux/sunrpc/svcsock.h>
	7	#include <linux/sunrpc/svcauth.h>
	8	#include <linux/err.h>
	9	#include <linux/seq_file.h>
	10	#include <linux/hash.h>
	11
	12	#define RPCDBG_FACILITY RPCDBG_AUTH
	13
	14
	15	/*
	16	* AUTHUNIX and AUTHNULL credentials are both handled here.
	17	* AUTHNULL is treated just like AUTHUNIX except that the uid/gid
	18	* are always nobody (-2). i.e. we do the same IP address checks for
	19	* AUTHNULL as for AUTHUNIX, and that is done here.
	20	*/
	21
	22
	23	static char strdup(char s)
	24	{
	25	char *rv = kmalloc(strlen(s)+1, GFP_KERNEL);
	26	if (rv)
	27	strcpy(rv, s);
	28	return rv;
	29	}
	30
	31	struct unix_domain {
	32	struct auth_domain h;
	33	int addr_changes;
	34	/* other stuff later */
	35	};
	36
	37	struct auth_domain unix_domain_find(char name)
	38	{
	39	struct auth_domain *rv, ud;
	40	struct unix_domain *new;
	41
	42	ud.name = name;
	43
	44	rv = auth_domain_lookup(&ud, 0);
	45
	46	foundit:
	47	if (rv && rv->flavour != RPC_AUTH_UNIX) {
	48	auth_domain_put(rv);
	49	return NULL;
	50	}
	51	if (rv)
	52	return rv;
	53
	54	new = kmalloc(sizeof(*new), GFP_KERNEL);
	55	if (new == NULL)
	56	return NULL;
	57	cache_init(&new->h.h);
	58	new->h.name = strdup(name);
	59	new->h.flavour = RPC_AUTH_UNIX;
	60	new->addr_changes = 0;
	61	new->h.h.expiry_time = NEVER;
	62
	63	rv = auth_domain_lookup(&new->h, 2);
	64	if (rv == &new->h) {
	65	if (atomic_dec_and_test(&new->h.h.refcnt)) BUG();
	66	} else {
	67	auth_domain_put(&new->h);
	68	goto foundit;
	69	}
	70
	71	return rv;
	72	}
	73
	74	static void svcauth_unix_domain_release(struct auth_domain *dom)
	75	{
	76	struct unix_domain *ud = container_of(dom, struct unix_domain, h);
	77
	78	kfree(dom->name);
	79	kfree(ud);
	80	}
	81
	82
	83	/**************************************************
	84	* cache for IP address to unix_domain
	85	* as needed by AUTH_UNIX
	86	*/
	87	#define IP_HASHBITS 8
	88	#define IP_HASHMAX (1<<IP_HASHBITS)
	89	#define IP_HASHMASK (IP_HASHMAX-1)
	90
	91	struct ip_map {
	92	struct cache_head h;
	93	char m_class[8]; /* e.g. "nfsd" */
	94	struct in_addr m_addr;
	95	struct unix_domain *m_client;
	96	int m_add_change;
	97	};
	98	static struct cache_head *ip_table[IP_HASHMAX];
	99
	100	static void ip_map_put(struct cache_head item, struct cache_detail cd)
	101	{
	102	struct ip_map *im = container_of(item, struct ip_map,h);
	103	if (cache_put(item, cd)) {
	104	if (test_bit(CACHE_VALID, &item->flags) &&
	105	!test_bit(CACHE_NEGATIVE, &item->flags))
	106	auth_domain_put(&im->m_client->h);
	107	kfree(im);
	108	}
	109	}
	110
	111	static inline int ip_map_hash(struct ip_map *item)
	112	{
	113	return hash_str(item->m_class, IP_HASHBITS) ^
	114	hash_long((unsigned long)item->m_addr.s_addr, IP_HASHBITS);
	115	}
	116	static inline int ip_map_match(struct ip_map item, struct ip_map tmp)
	117	{
	118	return strcmp(tmp->m_class, item->m_class) == 0
	119	&& tmp->m_addr.s_addr == item->m_addr.s_addr;
	120	}
	121	static inline void ip_map_init(struct ip_map new, struct ip_map item)
	122	{
	123	strcpy(new->m_class, item->m_class);
	124	new->m_addr.s_addr = item->m_addr.s_addr;
	125	}
	126	static inline void ip_map_update(struct ip_map new, struct ip_map item)
	127	{
	128	cache_get(&item->m_client->h.h);
	129	new->m_client = item->m_client;
	130	new->m_add_change = item->m_add_change;
	131	}
	132
	133	static void ip_map_request(struct cache_detail *cd,
	134	struct cache_head *h,
	135	char *bpp, int blen)
	136	{
	137	char text_addr[20];
	138	struct ip_map *im = container_of(h, struct ip_map, h);
	139	__u32 addr = im->m_addr.s_addr;
	140
	141	snprintf(text_addr, 20, "%u.%u.%u.%u",
	142	ntohl(addr) >> 24 & 0xff,
	143	ntohl(addr) >> 16 & 0xff,
	144	ntohl(addr) >> 8 & 0xff,
	145	ntohl(addr) >> 0 & 0xff);
	146
	147	qword_add(bpp, blen, im->m_class);
	148	qword_add(bpp, blen, text_addr);
	149	(*bpp)[-1] = '\n';
	150	}
	151
	152	static struct ip_map ip_map_lookup(struct ip_map , int);
	153
	154	static int ip_map_parse(struct cache_detail *cd,
	155	char *mesg, int mlen)
	156	{
	157	/* class ipaddress [domainname] */
	158	/* should be safe just to use the start of the input buffer
	159	* for scratch: */
	160	char *buf = mesg;
	161	int len;
	162	int b1,b2,b3,b4;
	163	char c;
	164	struct ip_map ipm, *ipmp;
	165	struct auth_domain *dom;
	166	time_t expiry;
	167
	168	if (mesg[mlen-1] != '\n')
	169	return -EINVAL;
	170	mesg[mlen-1] = 0;
	171
	172	/* class */
	173	len = qword_get(&mesg, ipm.m_class, sizeof(ipm.m_class));
	174	if (len <= 0) return -EINVAL;
	175
	176	/* ip address */
	177	len = qword_get(&mesg, buf, mlen);
	178	if (len <= 0) return -EINVAL;
	179
	180	if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
	181	return -EINVAL;
	182
	183	expiry = get_expiry(&mesg);
	184	if (expiry ==0)
	185	return -EINVAL;
	186
	187	/* domainname, or empty for NEGATIVE */
	188	len = qword_get(&mesg, buf, mlen);
	189	if (len < 0) return -EINVAL;
	190
	191	if (len) {
	192	dom = unix_domain_find(buf);
	193	if (dom == NULL)
	194	return -ENOENT;
	195	} else
	196	dom = NULL;
	197
	198	ipm.m_addr.s_addr =
	199	htonl((((((b1<<8)\|b2)<<8)\|b3)<<8)\|b4);
	200	ipm.h.flags = 0;
	201	if (dom) {
	202	ipm.m_client = container_of(dom, struct unix_domain, h);
	203	ipm.m_add_change = ipm.m_client->addr_changes;
	204	} else
	205	set_bit(CACHE_NEGATIVE, &ipm.h.flags);
	206	ipm.h.expiry_time = expiry;
	207
	208	ipmp = ip_map_lookup(&ipm, 1);
	209	if (ipmp)
	210	ip_map_put(&ipmp->h, &ip_map_cache);
	211	if (dom)
	212	auth_domain_put(dom);
	213	if (!ipmp)
	214	return -ENOMEM;
	215	cache_flush();
	216	return 0;
	217	}
	218
	219	static int ip_map_show(struct seq_file *m,
	220	struct cache_detail *cd,
	221	struct cache_head *h)
	222	{
	223	struct ip_map *im;
	224	struct in_addr addr;
	225	char *dom = "-no-domain-";
	226
	227	if (h == NULL) {
	228	seq_puts(m, "#class IP domain\n");
	229	return 0;
	230	}
	231	im = container_of(h, struct ip_map, h);
	232	/* class addr domain */
	233	addr = im->m_addr;
	234
	235	if (test_bit(CACHE_VALID, &h->flags) &&
	236	!test_bit(CACHE_NEGATIVE, &h->flags))
	237	dom = im->m_client->h.name;
	238
	239	seq_printf(m, "%s %d.%d.%d.%d %s\n",
	240	im->m_class,
	241	htonl(addr.s_addr) >> 24 & 0xff,
	242	htonl(addr.s_addr) >> 16 & 0xff,
	243	htonl(addr.s_addr) >> 8 & 0xff,
	244	htonl(addr.s_addr) >> 0 & 0xff,
	245	dom
	246	);
	247	return 0;
	248	}
	249
	250
	251	struct cache_detail ip_map_cache = {
	252	.hash_size = IP_HASHMAX,
	253	.hash_table = ip_table,
	254	.name = "auth.unix.ip",
	255	.cache_put = ip_map_put,
	256	.cache_request = ip_map_request,
	257	.cache_parse = ip_map_parse,
	258	.cache_show = ip_map_show,
	259	};
	260
	261	static DefineSimpleCacheLookup(ip_map, 0)
	262
	263
	264	int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom)
	265	{
	266	struct unix_domain *udom;
	267	struct ip_map ip, *ipmp;
	268
	269	if (dom->flavour != RPC_AUTH_UNIX)
	270	return -EINVAL;
	271	udom = container_of(dom, struct unix_domain, h);
	272	strcpy(ip.m_class, "nfsd");
	273	ip.m_addr = addr;
	274	ip.m_client = udom;
	275	ip.m_add_change = udom->addr_changes+1;
	276	ip.h.flags = 0;
	277	ip.h.expiry_time = NEVER;
	278
	279	ipmp = ip_map_lookup(&ip, 1);
	280
	281	if (ipmp) {
	282	ip_map_put(&ipmp->h, &ip_map_cache);
	283	return 0;
	284	} else
	285	return -ENOMEM;
	286	}
	287
	288	int auth_unix_forget_old(struct auth_domain *dom)
	289	{
	290	struct unix_domain *udom;
	291
	292	if (dom->flavour != RPC_AUTH_UNIX)
	293	return -EINVAL;
	294	udom = container_of(dom, struct unix_domain, h);
	295	udom->addr_changes++;
	296	return 0;
	297	}
	298
	299	struct auth_domain *auth_unix_lookup(struct in_addr addr)
	300	{
	301	struct ip_map key, *ipm;
	302	struct auth_domain *rv;
	303
	304	strcpy(key.m_class, "nfsd");
	305	key.m_addr = addr;
	306
	307	ipm = ip_map_lookup(&key, 0);
	308
	309	if (!ipm)
	310	return NULL;
	311	if (cache_check(&ip_map_cache, &ipm->h, NULL))
	312	return NULL;
	313
	314	if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
	315	if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0)
	316	auth_domain_put(&ipm->m_client->h);
	317	rv = NULL;
	318	} else {
	319	rv = &ipm->m_client->h;
	320	cache_get(&rv->h);
	321	}
	322	ip_map_put(&ipm->h, &ip_map_cache);
	323	return rv;
	324	}
	325
	326	void svcauth_unix_purge(void)
	327	{
	328	cache_purge(&ip_map_cache);
	329	cache_purge(&auth_domain_cache);
	330	}
	331
	332	static int
	333	svcauth_unix_set_client(struct svc_rqst *rqstp)
	334	{
	335	struct ip_map key, *ipm;
	336
	337	rqstp->rq_client = NULL;
	338	if (rqstp->rq_proc == 0)
	339	return SVC_OK;
	340
	341	strcpy(key.m_class, rqstp->rq_server->sv_program->pg_class);
	342	key.m_addr = rqstp->rq_addr.sin_addr;
	343
	344	ipm = ip_map_lookup(&key, 0);
	345
	346	if (ipm == NULL)
	347	return SVC_DENIED;
	348
	349	switch (cache_check(&ip_map_cache, &ipm->h, &rqstp->rq_chandle)) {
	350	default:
	351	BUG();
	352	case -EAGAIN:
	353	return SVC_DROP;
	354	case -ENOENT:
	355	return SVC_DENIED;
	356	case 0:
	357	rqstp->rq_client = &ipm->m_client->h;
	358	cache_get(&rqstp->rq_client->h);
	359	ip_map_put(&ipm->h, &ip_map_cache);
	360	break;
	361	}
	362	return SVC_OK;
	363	}
	364
	365	static int
	366	svcauth_null_accept(struct svc_rqst rqstp, u32 authp)
	367	{
	368	struct kvec *argv = &rqstp->rq_arg.head[0];
	369	struct kvec *resv = &rqstp->rq_res.head[0];
	370	struct svc_cred *cred = &rqstp->rq_cred;
	371
	372	cred->cr_group_info = NULL;
	373	rqstp->rq_client = NULL;
	374
	375	if (argv->iov_len < 3*4)
	376	return SVC_GARBAGE;
	377
	378	if (svc_getu32(argv) != 0) {
	379	dprintk("svc: bad null cred\n");
	380	*authp = rpc_autherr_badcred;
	381	return SVC_DENIED;
	382	}
	383	if (svc_getu32(argv) != RPC_AUTH_NULL \|\| svc_getu32(argv) != 0) {
	384	dprintk("svc: bad null verf\n");
	385	*authp = rpc_autherr_badverf;
	386	return SVC_DENIED;
	387	}
	388
	389	/* Signal that mapping to nobody uid/gid is required */
	390	cred->cr_uid = (uid_t) -1;
	391	cred->cr_gid = (gid_t) -1;
	392	cred->cr_group_info = groups_alloc(0);
	393	if (cred->cr_group_info == NULL)
	394	return SVC_DROP; /* kmalloc failure - client must retry */
	395
	396	/* Put NULL verifier */
	397	svc_putu32(resv, RPC_AUTH_NULL);
	398	svc_putu32(resv, 0);
	399
	400	return SVC_OK;
	401	}
	402
	403	static int
	404	svcauth_null_release(struct svc_rqst *rqstp)
	405	{
	406	if (rqstp->rq_client)
	407	auth_domain_put(rqstp->rq_client);
	408	rqstp->rq_client = NULL;
	409	if (rqstp->rq_cred.cr_group_info)
	410	put_group_info(rqstp->rq_cred.cr_group_info);
	411	rqstp->rq_cred.cr_group_info = NULL;
	412
	413	return 0; /* don't drop */
	414	}
	415
	416
	417	struct auth_ops svcauth_null = {
	418	.name = "null",
	419	.owner = THIS_MODULE,
	420	.flavour = RPC_AUTH_NULL,
	421	.accept = svcauth_null_accept,
	422	.release = svcauth_null_release,
	423	.set_client = svcauth_unix_set_client,
	424	};
	425
	426
	427	static int
	428	svcauth_unix_accept(struct svc_rqst rqstp, u32 authp)
	429	{
	430	struct kvec *argv = &rqstp->rq_arg.head[0];
	431	struct kvec *resv = &rqstp->rq_res.head[0];
	432	struct svc_cred *cred = &rqstp->rq_cred;
	433	u32 slen, i;
	434	int len = argv->iov_len;
	435
	436	cred->cr_group_info = NULL;
	437	rqstp->rq_client = NULL;
	438
	439	if ((len -= 3*4) < 0)
	440	return SVC_GARBAGE;
	441
	442	svc_getu32(argv); /* length */
	443	svc_getu32(argv); /* time stamp */
	444	slen = XDR_QUADLEN(ntohl(svc_getu32(argv))); /* machname length */
	445	if (slen > 64 \|\| (len -= (slen + 3)*4) < 0)
	446	goto badcred;
	447	argv->iov_base = (void)((u32)argv->iov_base + slen); /* skip machname */
	448	argv->iov_len -= slen*4;
	449
	450	cred->cr_uid = ntohl(svc_getu32(argv)); /* uid */
	451	cred->cr_gid = ntohl(svc_getu32(argv)); /* gid */
	452	slen = ntohl(svc_getu32(argv)); /* gids length */
	453	if (slen > 16 \|\| (len -= (slen + 2)*4) < 0)
	454	goto badcred;
	455	cred->cr_group_info = groups_alloc(slen);
	456	if (cred->cr_group_info == NULL)
	457	return SVC_DROP;
	458	for (i = 0; i < slen; i++)
	459	GROUP_AT(cred->cr_group_info, i) = ntohl(svc_getu32(argv));
	460
	461	if (svc_getu32(argv) != RPC_AUTH_NULL \|\| svc_getu32(argv) != 0) {
	462	*authp = rpc_autherr_badverf;
	463	return SVC_DENIED;
	464	}
	465
	466	/* Put NULL verifier */
	467	svc_putu32(resv, RPC_AUTH_NULL);
	468	svc_putu32(resv, 0);
	469
	470	return SVC_OK;
	471
	472	badcred:
	473	*authp = rpc_autherr_badcred;
	474	return SVC_DENIED;
	475	}
	476
	477	static int
	478	svcauth_unix_release(struct svc_rqst *rqstp)
	479	{
	480	/* Verifier (such as it is) is already in place.
	481	*/
	482	if (rqstp->rq_client)
	483	auth_domain_put(rqstp->rq_client);
	484	rqstp->rq_client = NULL;
	485	if (rqstp->rq_cred.cr_group_info)
	486	put_group_info(rqstp->rq_cred.cr_group_info);
	487	rqstp->rq_cred.cr_group_info = NULL;
	488
	489	return 0;
	490	}
	491
	492
	493	struct auth_ops svcauth_unix = {
	494	.name = "unix",
	495	.owner = THIS_MODULE,
	496	.flavour = RPC_AUTH_UNIX,
	497	.accept = svcauth_unix_accept,
	498	.release = svcauth_unix_release,
	499	.domain_release = svcauth_unix_domain_release,
	500	.set_client = svcauth_unix_set_client,
	501	};
	502