Blame view
fs/nfsd/auth.c
1.99 KB
7663dacd9
|
1 |
/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */ |
1da177e4c
|
2 |
|
1da177e4c
|
3 |
#include <linux/sched.h> |
9a74af213
|
4 |
#include "nfsd.h" |
a254b246e
|
5 |
#include "auth.h" |
1da177e4c
|
6 |
|
c7d51402d
|
7 |
int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp) |
1269bc69b
|
8 9 10 11 12 13 14 15 16 17 18 |
{ struct exp_flavor_info *f; struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; for (f = exp->ex_flavors; f < end; f++) { if (f->pseudoflavor == rqstp->rq_flavor) return f->flags; } return exp->ex_flags; } |
1da177e4c
|
19 20 |
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) { |
d84f4f992
|
21 22 23 |
struct group_info *rqgi; struct group_info *gi; struct cred *new; |
1da177e4c
|
24 |
int i; |
1269bc69b
|
25 |
int flags = nfsexp_flags(rqstp, exp); |
1da177e4c
|
26 |
int ret; |
e0e817392
|
27 |
validate_process_creds(); |
3b11a1dec
|
28 29 |
/* discard any old override before preparing the new set */ revert_creds(get_cred(current->real_cred)); |
d84f4f992
|
30 31 32 33 34 35 36 37 |
new = prepare_creds(); if (!new) return -ENOMEM; new->fsuid = rqstp->rq_cred.cr_uid; new->fsgid = rqstp->rq_cred.cr_gid; rqgi = rqstp->rq_cred.cr_group_info; |
1269bc69b
|
38 |
if (flags & NFSEXP_ALLSQUASH) { |
d84f4f992
|
39 40 41 |
new->fsuid = exp->ex_anon_uid; new->fsgid = exp->ex_anon_gid; gi = groups_alloc(0); |
bf935a788
|
42 43 |
if (!gi) goto oom; |
1269bc69b
|
44 |
} else if (flags & NFSEXP_ROOTSQUASH) { |
d84f4f992
|
45 46 47 48 |
if (!new->fsuid) new->fsuid = exp->ex_anon_uid; if (!new->fsgid) new->fsgid = exp->ex_anon_gid; |
1da177e4c
|
49 |
|
d84f4f992
|
50 51 52 53 54 55 56 57 58 59 |
gi = groups_alloc(rqgi->ngroups); if (!gi) goto oom; for (i = 0; i < rqgi->ngroups; i++) { if (!GROUP_AT(rqgi, i)) GROUP_AT(gi, i) = exp->ex_anon_gid; else GROUP_AT(gi, i) = GROUP_AT(rqgi, i); } |
1da177e4c
|
60 |
} else { |
d84f4f992
|
61 |
gi = get_group_info(rqgi); |
1da177e4c
|
62 |
} |
d84f4f992
|
63 64 65 66 67 68 69 70 |
if (new->fsuid == (uid_t) -1) new->fsuid = exp->ex_anon_uid; if (new->fsgid == (gid_t) -1) new->fsgid = exp->ex_anon_gid; ret = set_groups(new, gi); put_group_info(gi); |
f05ef8db1
|
71 |
if (ret < 0) |
d84f4f992
|
72 |
goto error; |
f05ef8db1
|
73 |
if (new->fsuid) |
d84f4f992
|
74 75 76 77 |
new->cap_effective = cap_drop_nfsd_set(new->cap_effective); else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); |
e0e817392
|
78 |
validate_process_creds(); |
3b11a1dec
|
79 |
put_cred(override_creds(new)); |
b914152a6
|
80 |
put_cred(new); |
e0e817392
|
81 |
validate_process_creds(); |
3b11a1dec
|
82 |
return 0; |
d84f4f992
|
83 84 85 86 87 |
oom: ret = -ENOMEM; error: abort_creds(new); |
1da177e4c
|
88 89 |
return ret; } |
b6dff3ec5
|
90 |