Diffstat (limited to 'net/sunrpc/auth_unix.c')
-rw-r--r-- | net/sunrpc/auth_unix.c | 242 |
1 files changed, 242 insertions, 0 deletions
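--- /dev/null
+++ b/net/sunrpc/auth_unix.c
@@ -0,0 +1,242 @@
+/*
+* linux/net/sunrpc/auth_unix.c
+*
+* UNIX-style authentication; no AUTH_SHORT support
+*
+* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
+*/
+
+#include <linux/types.h>
+#include <linux/sched.h>
+#include <linux/module.h>
+#include <linux/socket.h>
+#include <linux/in.h>
+#include <linux/sunrpc/clnt.h>
+#include <linux/sunrpc/auth.h>
+
+#define NFS_NGROUPS 16
+
+struct unx_cred {
+struct rpc_cred uc_base;
+gid_t uc_gid;
+gid_t uc_gids[NFS_NGROUPS];
+};
+#define uc_uid uc_base.cr_uid
+#define uc_count uc_base.cr_count
+#define uc_flags uc_base.cr_flags
+#define uc_expire uc_base.cr_expire
+
+#define UNX_CRED_EXPIRE (60 * HZ)
+
+#define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))
+
+#ifdef RPC_DEBUG
+# define RPCDBG_FACILITY RPCDBG_AUTH
+#endif
+
+static struct rpc_auth unix_auth;
+static struct rpc_cred_cache unix_cred_cache;
+static struct rpc_credops unix_credops;
+
+static struct rpc_auth *
+unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
+{
+dprintk("RPC: creating UNIX authenticator for client %p\n", clnt);
+if (atomic_inc_return(&unix_auth.au_count) == 0)
+unix_cred_cache.nextgc = jiffies + (unix_cred_cache.expire >> 1);
+return &unix_auth;
+}
+
+static void
+unx_destroy(struct rpc_auth *auth)
+{
+dprintk("RPC: destroying UNIX authenticator %p\n", auth);
+rpcauth_free_credcache(auth);
+}
+
+/*
+* Lookup AUTH_UNIX creds for current process
+*/
+static struct rpc_cred *
+unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
+{
+return rpcauth_lookup_credcache(auth, acred, flags);
+}
+
+static struct rpc_cred *
+unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
+{
+struct unx_cred *cred;
+int i;
+
+dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
+acred->uid, acred->gid);
+
+if (!(cred = (struct unx_cred *) kmalloc(sizeof(*cred), GFP_KERNEL)))
+return ERR_PTR(-ENOMEM);
+
+atomic_set(&cred->uc_count, 1);
+cred->uc_flags = RPCAUTH_CRED_UPTODATE;
+if (flags & RPC_TASK_ROOTCREDS) {
+cred->uc_uid = 0;
+cred->uc_gid = 0;
+cred->uc_gids[0] = NOGROUP;
+} else {
+int groups = acred->group_info->ngroups;
+if (groups > NFS_NGROUPS)
+groups = NFS_NGROUPS;
+
+cred->uc_uid = acred->uid;
+cred->uc_gid = acred->gid;
+for (i = 0; i < groups; i++)
+cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
+if (i < NFS_NGROUPS)
+cred->uc_gids[i] = NOGROUP;
+}
+cred->uc_base.cr_ops = &unix_credops;
+
+return (struct rpc_cred *) cred;
+}
+
+static void
+unx_destroy_cred(struct rpc_cred *cred)
+{
+kfree(cred);
+}
+
+/*
+* Match credentials against current process creds.
+* The root_override argument takes care of cases where the caller may
+* request root creds (e.g. for NFS swapping).
+*/
+static int
+unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int taskflags)
+{
+struct unx_cred *cred = (struct unx_cred *) rcred;
+int i;
+
+if (!(taskflags & RPC_TASK_ROOTCREDS)) {
+int groups;
+
+if (cred->uc_uid != acred->uid
+|| cred->uc_gid != acred->gid)
+return 0;
+
+groups = acred->group_info->ngroups;
+if (groups > NFS_NGROUPS)
+groups = NFS_NGROUPS;
+for (i = 0; i < groups ; i++)
+if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
+return 0;
+return 1;
+}
+return (cred->uc_uid == 0
+&& cred->uc_gid == 0
+&& cred->uc_gids[0] == (gid_t) NOGROUP);
+}
+
+/*
+* Marshal credentials.
+* Maybe we should keep a cached credential for performance reasons.
+*/
+static u32 *
+unx_marshal(struct rpc_task *task, u32 *p)
+{
+struct rpc_clnt *clnt = task->tk_client;
+struct unx_cred *cred = (struct unx_cred *) task->tk_msg.rpc_cred;
+u32 *base, *hold;
+int i;
+
+*p++ = htonl(RPC_AUTH_UNIX);
+base = p++;
+*p++ = htonl(jiffies/HZ);
+
+/*
+* Copy the UTS nodename captured when the client was created.
+*/
+p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
+
+*p++ = htonl((u32) cred->uc_uid);
+*p++ = htonl((u32) cred->uc_gid);
+hold = p++;
+for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
+*p++ = htonl((u32) cred->uc_gids[i]);
+*hold = htonl(p - hold - 1); /* gid array length */
+*base = htonl((p - base - 1) << 2); /* cred length */
+
+*p++ = htonl(RPC_AUTH_NULL);
+*p++ = htonl(0);
+
+return p;
+}
+
+/*
+* Refresh credentials. This is a no-op for AUTH_UNIX
+*/
+static int
+unx_refresh(struct rpc_task *task)
+{
+task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;
+return 0;
+}
+
+static u32 *
+unx_validate(struct rpc_task *task, u32 *p)
+{
+rpc_authflavor_t flavor;
+u32 size;
+
+flavor = ntohl(*p++);
+if (flavor != RPC_AUTH_NULL &&
+flavor != RPC_AUTH_UNIX &&
+flavor != RPC_AUTH_SHORT) {
+printk("RPC: bad verf flavor: %u\n", flavor);
+return NULL;
+}
+
+size = ntohl(*p++);
+if (size > RPC_MAX_AUTH_SIZE) {
+printk("RPC: giant verf size: %u\n", size);
+return NULL;
+}
+task->tk_auth->au_rslack = (size >> 2) + 2;
+p += (size >> 2);
+
+return p;
+}
+
+struct rpc_authops authunix_ops = {
+.owner = THIS_MODULE,
+.au_flavor = RPC_AUTH_UNIX,
+#ifdef RPC_DEBUG
+.au_name = "UNIX",
+#endif
+.create = unx_create,
+.destroy = unx_destroy,
+.lookup_cred = unx_lookup_cred,
+.crcreate = unx_create_cred,
+};
+
+static
+struct rpc_cred_cache unix_cred_cache = {
+.expire = UNX_CRED_EXPIRE,
+};
+
+static
+struct rpc_auth unix_auth = {
+.au_cslack = UNX_WRITESLACK,
+.au_rslack = 2, /* assume AUTH_NULL verf */
+.au_ops = &authunix_ops,
+.au_count = ATOMIC_INIT(0),
+.au_credcache = &unix_cred_cache,
+};
+
+static
+struct rpc_credops unix_credops = {
+.cr_name = "AUTH_UNIX",
+.crdestroy = unx_destroy_cred,
+.crmatch = unx_match,
+.crmarshal = unx_marshal,
+.crrefresh = unx_refresh,
+.crvalidate = unx_validate,
+};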
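Review bot: unx_match() compares only the first `groups` entries of the cached credential and never checks that the cached gid list ends there, so a cached entry whose uc_gids holds a longer list with the same prefix also matches. A task with the same uid and gid but fewer supplementary groups (including none) would then be handed that entry, presumably through rpcauth_lookup_credcache(), and unx_marshal() would put the extra gids on the wire. After the loop, before `return 1;`, add `if (groups < NFS_NGROUPS && cred->uc_gids[groups] != (gid_t) NOGROUP) return 0;`. Separately, unx_marshal() bounds its gid loop with a literal `16` where the array is sized by `NFS_NGROUPS`; using the macro there keeps the two from drifting apart.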