Blame view
net/sunrpc/svcauth_unix.c
20.5 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 3 4 5 6 7 |
#include <linux/types.h> #include <linux/sched.h> #include <linux/module.h> #include <linux/sunrpc/types.h> #include <linux/sunrpc/xdr.h> #include <linux/sunrpc/svcsock.h> #include <linux/sunrpc/svcauth.h> |
c4170583f knfsd: nfsd4: sto... |
8 |
#include <linux/sunrpc/gss_api.h> |
1da177e4c Linux-2.6.12-rc2 |
9 10 11 |
#include <linux/err.h> #include <linux/seq_file.h> #include <linux/hash.h> |
543537bd9 [PATCH] create a ... |
12 |
#include <linux/string.h> |
5a0e3ad6a include cleanup: ... |
13 |
#include <linux/slab.h> |
7b2b1fee3 [PATCH] knfsd: kn... |
14 |
#include <net/sock.h> |
f15364bd4 IPv6 support for ... |
15 16 |
#include <net/ipv6.h> #include <linux/kernel.h> |
1da177e4c Linux-2.6.12-rc2 |
17 |
#define RPCDBG_FACILITY RPCDBG_AUTH |
07396051a SUNRPC: Use rpc_p... |
18 |
#include <linux/sunrpc/clnt.h> |
1da177e4c Linux-2.6.12-rc2 |
19 |
|
90d51b02f sunrpc: Make the ... |
20 |
#include "netns.h" |
1da177e4c Linux-2.6.12-rc2 |
21 22 23 24 25 26 |
/* * AUTHUNIX and AUTHNULL credentials are both handled here. * AUTHNULL is treated just like AUTHUNIX except that the uid/gid * are always nobody (-2). i.e. we do the same IP address checks for * AUTHNULL as for AUTHUNIX, and that is done here. */ |
1da177e4c Linux-2.6.12-rc2 |
27 28 |
struct unix_domain { struct auth_domain h; |
1da177e4c Linux-2.6.12-rc2 |
29 30 |
/* other stuff later */ }; |
13e0e958e svcauth_unix.c: q... |
31 |
extern struct auth_ops svcauth_null; |
efc36aa56 [PATCH] knfsd: Ch... |
32 |
extern struct auth_ops svcauth_unix; |
8b3e07ac9 svcrpc: fix rare ... |
33 34 35 36 37 38 39 |
static void svcauth_unix_domain_release(struct auth_domain *dom) { struct unix_domain *ud = container_of(dom, struct unix_domain, h); kfree(dom->name); kfree(ud); } |
1da177e4c Linux-2.6.12-rc2 |
40 41 |
struct auth_domain *unix_domain_find(char *name) { |
efc36aa56 [PATCH] knfsd: Ch... |
42 43 44 45 46 |
struct auth_domain *rv; struct unix_domain *new = NULL; rv = auth_domain_lookup(name, NULL); while(1) { |
ad1b5229d [PATCH] knfsd: Ti... |
47 48 |
if (rv) { if (new && rv != &new->h) |
352b5d13c svcrpc: fix bad a... |
49 |
svcauth_unix_domain_release(&new->h); |
ad1b5229d [PATCH] knfsd: Ti... |
50 51 52 53 54 |
if (rv->flavour != &svcauth_unix) { auth_domain_put(rv); return NULL; } |
efc36aa56 [PATCH] knfsd: Ch... |
55 56 |
return rv; } |
efc36aa56 [PATCH] knfsd: Ch... |
57 58 59 60 61 62 |
new = kmalloc(sizeof(*new), GFP_KERNEL); if (new == NULL) return NULL; kref_init(&new->h.ref); new->h.name = kstrdup(name, GFP_KERNEL); |
dd08d6ea4 [PATCH] knfsd: Do... |
63 64 65 66 |
if (new->h.name == NULL) { kfree(new); return NULL; } |
efc36aa56 [PATCH] knfsd: Ch... |
67 |
new->h.flavour = &svcauth_unix; |
efc36aa56 [PATCH] knfsd: Ch... |
68 |
rv = auth_domain_lookup(name, &new->h); |
1da177e4c Linux-2.6.12-rc2 |
69 |
} |
1da177e4c Linux-2.6.12-rc2 |
70 |
} |
24c3767e4 SUNRPC: The sunrp... |
71 |
EXPORT_SYMBOL_GPL(unix_domain_find); |
1da177e4c Linux-2.6.12-rc2 |
72 |
|
1da177e4c Linux-2.6.12-rc2 |
73 74 75 76 77 78 79 |
/************************************************** * cache for IP address to unix_domain * as needed by AUTH_UNIX */ #define IP_HASHBITS 8 #define IP_HASHMAX (1<<IP_HASHBITS) |
1da177e4c Linux-2.6.12-rc2 |
80 81 82 83 |
struct ip_map { struct cache_head h; char m_class[8]; /* e.g. "nfsd" */ |
f15364bd4 IPv6 support for ... |
84 |
struct in6_addr m_addr; |
1da177e4c Linux-2.6.12-rc2 |
85 |
struct unix_domain *m_client; |
1da177e4c Linux-2.6.12-rc2 |
86 |
}; |
1da177e4c Linux-2.6.12-rc2 |
87 |
|
baab935ff [PATCH] knfsd: Co... |
88 |
static void ip_map_put(struct kref *kref) |
1da177e4c Linux-2.6.12-rc2 |
89 |
{ |
baab935ff [PATCH] knfsd: Co... |
90 |
struct cache_head *item = container_of(kref, struct cache_head, ref); |
1da177e4c Linux-2.6.12-rc2 |
91 |
struct ip_map *im = container_of(item, struct ip_map,h); |
baab935ff [PATCH] knfsd: Co... |
92 93 94 95 96 |
if (test_bit(CACHE_VALID, &item->flags) && !test_bit(CACHE_NEGATIVE, &item->flags)) auth_domain_put(&im->m_client->h); kfree(im); |
1da177e4c Linux-2.6.12-rc2 |
97 |
} |
1f1e030bf [PATCH] knfsd: fi... |
98 99 100 101 102 |
#if IP_HASHBITS == 8 /* hash_long on a 64 bit machine is currently REALLY BAD for * IP addresses in reverse-endian (i.e. on a little-endian machine). * So use a trivial but reliable hash instead */ |
4806126d7 [SUNRPC]: annotat... |
103 |
static inline int hash_ip(__be32 ip) |
1f1e030bf [PATCH] knfsd: fi... |
104 |
{ |
4806126d7 [SUNRPC]: annotat... |
105 |
int hash = (__force u32)ip ^ ((__force u32)ip>>16); |
1f1e030bf [PATCH] knfsd: fi... |
106 107 108 |
return (hash ^ (hash>>8)) & 0xff; } #endif |
f15364bd4 IPv6 support for ... |
109 110 111 112 113 114 115 |
static inline int hash_ip6(struct in6_addr ip) { return (hash_ip(ip.s6_addr32[0]) ^ hash_ip(ip.s6_addr32[1]) ^ hash_ip(ip.s6_addr32[2]) ^ hash_ip(ip.s6_addr32[3])); } |
1a9917c2d [PATCH] knfsd: Co... |
116 |
static int ip_map_match(struct cache_head *corig, struct cache_head *cnew) |
1da177e4c Linux-2.6.12-rc2 |
117 |
{ |
1a9917c2d [PATCH] knfsd: Co... |
118 119 |
struct ip_map *orig = container_of(corig, struct ip_map, h); struct ip_map *new = container_of(cnew, struct ip_map, h); |
f64f9e719 net: Move && and ... |
120 121 |
return strcmp(orig->m_class, new->m_class) == 0 && ipv6_addr_equal(&orig->m_addr, &new->m_addr); |
1da177e4c Linux-2.6.12-rc2 |
122 |
} |
1a9917c2d [PATCH] knfsd: Co... |
123 |
static void ip_map_init(struct cache_head *cnew, struct cache_head *citem) |
1da177e4c Linux-2.6.12-rc2 |
124 |
{ |
1a9917c2d [PATCH] knfsd: Co... |
125 126 |
struct ip_map *new = container_of(cnew, struct ip_map, h); struct ip_map *item = container_of(citem, struct ip_map, h); |
1da177e4c Linux-2.6.12-rc2 |
127 |
strcpy(new->m_class, item->m_class); |
4e3fd7a06 net: remove ipv6_... |
128 |
new->m_addr = item->m_addr; |
1da177e4c Linux-2.6.12-rc2 |
129 |
} |
1a9917c2d [PATCH] knfsd: Co... |
130 |
static void update(struct cache_head *cnew, struct cache_head *citem) |
1da177e4c Linux-2.6.12-rc2 |
131 |
{ |
1a9917c2d [PATCH] knfsd: Co... |
132 133 |
struct ip_map *new = container_of(cnew, struct ip_map, h); struct ip_map *item = container_of(citem, struct ip_map, h); |
efc36aa56 [PATCH] knfsd: Ch... |
134 |
kref_get(&item->m_client->h.ref); |
1da177e4c Linux-2.6.12-rc2 |
135 |
new->m_client = item->m_client; |
1da177e4c Linux-2.6.12-rc2 |
136 |
} |
1a9917c2d [PATCH] knfsd: Co... |
137 138 139 140 141 142 143 144 |
static struct cache_head *ip_map_alloc(void) { struct ip_map *i = kmalloc(sizeof(*i), GFP_KERNEL); if (i) return &i->h; else return NULL; } |
1da177e4c Linux-2.6.12-rc2 |
145 146 147 148 149 |
static void ip_map_request(struct cache_detail *cd, struct cache_head *h, char **bpp, int *blen) { |
f15364bd4 IPv6 support for ... |
150 |
char text_addr[40]; |
1da177e4c Linux-2.6.12-rc2 |
151 |
struct ip_map *im = container_of(h, struct ip_map, h); |
1da177e4c Linux-2.6.12-rc2 |
152 |
|
f15364bd4 IPv6 support for ... |
153 |
if (ipv6_addr_v4mapped(&(im->m_addr))) { |
21454aaad net: replace NIPQ... |
154 |
snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]); |
f15364bd4 IPv6 support for ... |
155 |
} else { |
5b095d989 net: replace %p6 ... |
156 |
snprintf(text_addr, 40, "%pI6", &im->m_addr); |
f15364bd4 IPv6 support for ... |
157 |
} |
1da177e4c Linux-2.6.12-rc2 |
158 159 160 161 162 |
qword_add(bpp, blen, im->m_class); qword_add(bpp, blen, text_addr); (*bpp)[-1] = ' '; } |
bc74b4f5e SUNRPC: Allow the... |
163 164 165 166 |
static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) { return sunrpc_cache_pipe_upcall(cd, h, ip_map_request); } |
bf18ab32f sunrpc: Pass the ... |
167 168 |
static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry); |
1da177e4c Linux-2.6.12-rc2 |
169 170 171 172 173 174 175 176 177 |
static int ip_map_parse(struct cache_detail *cd, char *mesg, int mlen) { /* class ipaddress [domainname] */ /* should be safe just to use the start of the input buffer * for scratch: */ char *buf = mesg; int len; |
1a9917c2d [PATCH] knfsd: Co... |
178 |
char class[8]; |
07396051a SUNRPC: Use rpc_p... |
179 180 181 182 183 184 |
union { struct sockaddr sa; struct sockaddr_in s4; struct sockaddr_in6 s6; } address; struct sockaddr_in6 sin6; |
1a9917c2d [PATCH] knfsd: Co... |
185 186 187 |
int err; struct ip_map *ipmp; |
1da177e4c Linux-2.6.12-rc2 |
188 189 190 191 192 193 194 195 196 |
struct auth_domain *dom; time_t expiry; if (mesg[mlen-1] != ' ') return -EINVAL; mesg[mlen-1] = 0; /* class */ |
1a9917c2d [PATCH] knfsd: Co... |
197 |
len = qword_get(&mesg, class, sizeof(class)); |
1da177e4c Linux-2.6.12-rc2 |
198 199 200 201 202 |
if (len <= 0) return -EINVAL; /* ip address */ len = qword_get(&mesg, buf, mlen); if (len <= 0) return -EINVAL; |
07396051a SUNRPC: Use rpc_p... |
203 |
if (rpc_pton(buf, len, &address.sa, sizeof(address)) == 0) |
1da177e4c Linux-2.6.12-rc2 |
204 |
return -EINVAL; |
07396051a SUNRPC: Use rpc_p... |
205 206 207 |
switch (address.sa.sa_family) { case AF_INET: /* Form a mapped IPv4 address in sin6 */ |
07396051a SUNRPC: Use rpc_p... |
208 |
sin6.sin6_family = AF_INET6; |
70dc78da2 sunrpc: Use helpe... |
209 210 |
ipv6_addr_set_v4mapped(address.s4.sin_addr.s_addr, &sin6.sin6_addr); |
07396051a SUNRPC: Use rpc_p... |
211 |
break; |
dfd56b8b3 net: use IS_ENABL... |
212 |
#if IS_ENABLED(CONFIG_IPV6) |
07396051a SUNRPC: Use rpc_p... |
213 214 215 216 217 218 219 |
case AF_INET6: memcpy(&sin6, &address.s6, sizeof(sin6)); break; #endif default: return -EINVAL; } |
cca5172a7 [NET] SUNRPC: Fix... |
220 |
|
1da177e4c Linux-2.6.12-rc2 |
221 222 223 224 225 226 227 228 229 230 231 232 233 234 |
expiry = get_expiry(&mesg); if (expiry ==0) return -EINVAL; /* domainname, or empty for NEGATIVE */ len = qword_get(&mesg, buf, mlen); if (len < 0) return -EINVAL; if (len) { dom = unix_domain_find(buf); if (dom == NULL) return -ENOENT; } else dom = NULL; |
07396051a SUNRPC: Use rpc_p... |
235 |
/* IPv6 scope IDs are ignored for now */ |
bf18ab32f sunrpc: Pass the ... |
236 |
ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr); |
1a9917c2d [PATCH] knfsd: Co... |
237 |
if (ipmp) { |
bf18ab32f sunrpc: Pass the ... |
238 |
err = __ip_map_update(cd, ipmp, |
1a9917c2d [PATCH] knfsd: Co... |
239 240 |
container_of(dom, struct unix_domain, h), expiry); |
1da177e4c Linux-2.6.12-rc2 |
241 |
} else |
1a9917c2d [PATCH] knfsd: Co... |
242 |
err = -ENOMEM; |
1da177e4c Linux-2.6.12-rc2 |
243 |
|
1da177e4c Linux-2.6.12-rc2 |
244 245 |
if (dom) auth_domain_put(dom); |
1a9917c2d [PATCH] knfsd: Co... |
246 |
|
1da177e4c Linux-2.6.12-rc2 |
247 |
cache_flush(); |
1a9917c2d [PATCH] knfsd: Co... |
248 |
return err; |
1da177e4c Linux-2.6.12-rc2 |
249 250 251 252 253 254 255 |
} static int ip_map_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { struct ip_map *im; |
f15364bd4 IPv6 support for ... |
256 |
struct in6_addr addr; |
1da177e4c Linux-2.6.12-rc2 |
257 258 259 260 261 262 263 264 265 |
char *dom = "-no-domain-"; if (h == NULL) { seq_puts(m, "#class IP domain "); return 0; } im = container_of(h, struct ip_map, h); /* class addr domain */ |
4e3fd7a06 net: remove ipv6_... |
266 |
addr = im->m_addr; |
1da177e4c Linux-2.6.12-rc2 |
267 |
|
cca5172a7 [NET] SUNRPC: Fix... |
268 |
if (test_bit(CACHE_VALID, &h->flags) && |
1da177e4c Linux-2.6.12-rc2 |
269 270 |
!test_bit(CACHE_NEGATIVE, &h->flags)) dom = im->m_client->h.name; |
f15364bd4 IPv6 support for ... |
271 |
if (ipv6_addr_v4mapped(&addr)) { |
21454aaad net: replace NIPQ... |
272 273 274 |
seq_printf(m, "%s %pI4 %s ", im->m_class, &addr.s6_addr32[3], dom); |
f15364bd4 IPv6 support for ... |
275 |
} else { |
5b095d989 net: replace %p6 ... |
276 277 |
seq_printf(m, "%s %pI6 %s ", im->m_class, &addr, dom); |
f15364bd4 IPv6 support for ... |
278 |
} |
1da177e4c Linux-2.6.12-rc2 |
279 280 |
return 0; } |
cca5172a7 [NET] SUNRPC: Fix... |
281 |
|
1da177e4c Linux-2.6.12-rc2 |
282 |
|
bf18ab32f sunrpc: Pass the ... |
283 284 |
static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr) |
1a9917c2d [PATCH] knfsd: Co... |
285 286 287 288 289 |
{ struct ip_map ip; struct cache_head *ch; strcpy(ip.m_class, class); |
4e3fd7a06 net: remove ipv6_... |
290 |
ip.m_addr = *addr; |
bf18ab32f sunrpc: Pass the ... |
291 |
ch = sunrpc_cache_lookup(cd, &ip.h, |
1a9917c2d [PATCH] knfsd: Co... |
292 |
hash_str(class, IP_HASHBITS) ^ |
f15364bd4 IPv6 support for ... |
293 |
hash_ip6(*addr)); |
1a9917c2d [PATCH] knfsd: Co... |
294 295 296 297 298 299 |
if (ch) return container_of(ch, struct ip_map, h); else return NULL; } |
1da177e4c Linux-2.6.12-rc2 |
300 |
|
352114f39 sunrpc: Add net t... |
301 302 |
static inline struct ip_map *ip_map_lookup(struct net *net, char *class, struct in6_addr *addr) |
bf18ab32f sunrpc: Pass the ... |
303 |
{ |
90d51b02f sunrpc: Make the ... |
304 305 306 307 |
struct sunrpc_net *sn; sn = net_generic(net, sunrpc_net_id); return __ip_map_lookup(sn->ip_map_cache, class, addr); |
bf18ab32f sunrpc: Pass the ... |
308 309 310 311 |
} static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry) |
1a9917c2d [PATCH] knfsd: Co... |
312 313 314 315 316 317 318 319 |
{ struct ip_map ip; struct cache_head *ch; ip.m_client = udom; ip.h.flags = 0; if (!udom) set_bit(CACHE_NEGATIVE, &ip.h.flags); |
1a9917c2d [PATCH] knfsd: Co... |
320 |
ip.h.expiry_time = expiry; |
bf18ab32f sunrpc: Pass the ... |
321 |
ch = sunrpc_cache_update(cd, &ip.h, &ipm->h, |
1a9917c2d [PATCH] knfsd: Co... |
322 |
hash_str(ipm->m_class, IP_HASHBITS) ^ |
f15364bd4 IPv6 support for ... |
323 |
hash_ip6(ipm->m_addr)); |
1a9917c2d [PATCH] knfsd: Co... |
324 325 |
if (!ch) return -ENOMEM; |
bf18ab32f sunrpc: Pass the ... |
326 |
cache_put(ch, cd); |
1a9917c2d [PATCH] knfsd: Co... |
327 328 |
return 0; } |
1da177e4c Linux-2.6.12-rc2 |
329 |
|
352114f39 sunrpc: Add net t... |
330 331 |
static inline int ip_map_update(struct net *net, struct ip_map *ipm, struct unix_domain *udom, time_t expiry) |
bf18ab32f sunrpc: Pass the ... |
332 |
{ |
90d51b02f sunrpc: Make the ... |
333 334 335 336 |
struct sunrpc_net *sn; sn = net_generic(net, sunrpc_net_id); return __ip_map_update(sn->ip_map_cache, ipm, udom, expiry); |
bf18ab32f sunrpc: Pass the ... |
337 |
} |
1da177e4c Linux-2.6.12-rc2 |
338 339 340 |
void svcauth_unix_purge(void) { |
90d51b02f sunrpc: Make the ... |
341 342 343 344 345 346 347 348 |
struct net *net; for_each_net(net) { struct sunrpc_net *sn; sn = net_generic(net, sunrpc_net_id); cache_purge(sn->ip_map_cache); } |
1da177e4c Linux-2.6.12-rc2 |
349 |
} |
24c3767e4 SUNRPC: The sunrp... |
350 |
EXPORT_SYMBOL_GPL(svcauth_unix_purge); |
1da177e4c Linux-2.6.12-rc2 |
351 |
|
7b2b1fee3 [PATCH] knfsd: kn... |
352 |
static inline struct ip_map * |
3be4479fd sunrpc: Pass xprt... |
353 |
ip_map_cached_get(struct svc_xprt *xprt) |
7b2b1fee3 [PATCH] knfsd: kn... |
354 |
{ |
def13d740 svc: Move the aut... |
355 |
struct ip_map *ipm = NULL; |
90d51b02f sunrpc: Make the ... |
356 |
struct sunrpc_net *sn; |
def13d740 svc: Move the aut... |
357 358 359 360 361 362 363 364 365 366 367 |
if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { spin_lock(&xprt->xpt_lock); ipm = xprt->xpt_auth_cache; if (ipm != NULL) { if (!cache_valid(&ipm->h)) { /* * The entry has been invalidated since it was * remembered, e.g. by a second mount from the * same IP address. */ |
90d51b02f sunrpc: Make the ... |
368 |
sn = net_generic(xprt->xpt_net, sunrpc_net_id); |
def13d740 svc: Move the aut... |
369 370 |
xprt->xpt_auth_cache = NULL; spin_unlock(&xprt->xpt_lock); |
90d51b02f sunrpc: Make the ... |
371 |
cache_put(&ipm->h, sn->ip_map_cache); |
def13d740 svc: Move the aut... |
372 373 374 |
return NULL; } cache_get(&ipm->h); |
7b2b1fee3 [PATCH] knfsd: kn... |
375 |
} |
def13d740 svc: Move the aut... |
376 |
spin_unlock(&xprt->xpt_lock); |
7b2b1fee3 [PATCH] knfsd: kn... |
377 378 379 380 381 |
} return ipm; } static inline void |
3be4479fd sunrpc: Pass xprt... |
382 |
ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm) |
7b2b1fee3 [PATCH] knfsd: kn... |
383 |
{ |
def13d740 svc: Move the aut... |
384 385 386 387 388 389 390 391 |
if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { spin_lock(&xprt->xpt_lock); if (xprt->xpt_auth_cache == NULL) { /* newly cached, keep the reference */ xprt->xpt_auth_cache = ipm; ipm = NULL; } spin_unlock(&xprt->xpt_lock); |
30f3deeee knfsd: use a spin... |
392 |
} |
90d51b02f sunrpc: Make the ... |
393 394 395 396 397 398 |
if (ipm) { struct sunrpc_net *sn; sn = net_generic(xprt->xpt_net, sunrpc_net_id); cache_put(&ipm->h, sn->ip_map_cache); } |
7b2b1fee3 [PATCH] knfsd: kn... |
399 400 401 |
} void |
e3bfca01c sunrpc: Make xprt... |
402 |
svcauth_unix_info_release(struct svc_xprt *xpt) |
7b2b1fee3 [PATCH] knfsd: kn... |
403 |
{ |
e3bfca01c sunrpc: Make xprt... |
404 405 406 |
struct ip_map *ipm; ipm = xpt->xpt_auth_cache; |
90d51b02f sunrpc: Make the ... |
407 408 409 410 411 412 |
if (ipm != NULL) { struct sunrpc_net *sn; sn = net_generic(xpt->xpt_net, sunrpc_net_id); cache_put(&ipm->h, sn->ip_map_cache); } |
7b2b1fee3 [PATCH] knfsd: kn... |
413 |
} |
3fc605a2a [PATCH] knfsd: al... |
414 415 416 417 418 419 420 |
/**************************************************************************** * auth.unix.gid cache * simple cache to map a UID to a list of GIDs * because AUTH_UNIX aka AUTH_SYS has a max of 16 */ #define GID_HASHBITS 8 #define GID_HASHMAX (1<<GID_HASHBITS) |
3fc605a2a [PATCH] knfsd: al... |
421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 |
struct unix_gid { struct cache_head h; uid_t uid; struct group_info *gi; }; static struct cache_head *gid_table[GID_HASHMAX]; static void unix_gid_put(struct kref *kref) { struct cache_head *item = container_of(kref, struct cache_head, ref); struct unix_gid *ug = container_of(item, struct unix_gid, h); if (test_bit(CACHE_VALID, &item->flags) && !test_bit(CACHE_NEGATIVE, &item->flags)) put_group_info(ug->gi); kfree(ug); } static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew) { struct unix_gid *orig = container_of(corig, struct unix_gid, h); struct unix_gid *new = container_of(cnew, struct unix_gid, h); return orig->uid == new->uid; } static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem) { struct unix_gid *new = container_of(cnew, struct unix_gid, h); struct unix_gid *item = container_of(citem, struct unix_gid, h); new->uid = item->uid; } static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem) { struct unix_gid *new = container_of(cnew, struct unix_gid, h); struct unix_gid *item = container_of(citem, struct unix_gid, h); get_group_info(item->gi); new->gi = item->gi; } static struct cache_head *unix_gid_alloc(void) { struct unix_gid *g = kmalloc(sizeof(*g), GFP_KERNEL); if (g) return &g->h; else return NULL; } static void unix_gid_request(struct cache_detail *cd, struct cache_head *h, char **bpp, int *blen) { char tuid[20]; struct unix_gid *ug = container_of(h, struct unix_gid, h); snprintf(tuid, 20, "%u", ug->uid); qword_add(bpp, blen, tuid); (*bpp)[-1] = ' '; } |
bc74b4f5e SUNRPC: Allow the... |
480 481 482 483 |
static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) { return sunrpc_cache_pipe_upcall(cd, h, unix_gid_request); } |
3fc605a2a [PATCH] knfsd: al... |
484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 |
static struct unix_gid *unix_gid_lookup(uid_t uid); extern struct cache_detail unix_gid_cache; static int unix_gid_parse(struct cache_detail *cd, char *mesg, int mlen) { /* uid expiry Ngid gid0 gid1 ... gidN-1 */ int uid; int gids; int rv; int i; int err; time_t expiry; struct unix_gid ug, *ugp; if (mlen <= 0 || mesg[mlen-1] != ' ') return -EINVAL; mesg[mlen-1] = 0; rv = get_int(&mesg, &uid); if (rv) return -EINVAL; ug.uid = uid; expiry = get_expiry(&mesg); if (expiry == 0) return -EINVAL; rv = get_int(&mesg, &gids); if (rv || gids < 0 || gids > 8192) return -EINVAL; ug.gi = groups_alloc(gids); if (!ug.gi) return -ENOMEM; for (i = 0 ; i < gids ; i++) { int gid; rv = get_int(&mesg, &gid); err = -EINVAL; if (rv) goto out; GROUP_AT(ug.gi, i) = gid; } ugp = unix_gid_lookup(uid); if (ugp) { struct cache_head *ch; ug.h.flags = 0; ug.h.expiry_time = expiry; ch = sunrpc_cache_update(&unix_gid_cache, &ug.h, &ugp->h, hash_long(uid, GID_HASHBITS)); if (!ch) err = -ENOMEM; else { err = 0; cache_put(ch, &unix_gid_cache); } } else err = -ENOMEM; out: if (ug.gi) put_group_info(ug.gi); return err; } static int unix_gid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { struct unix_gid *ug; int i; int glen; if (h == NULL) { seq_puts(m, "#uid cnt: gids... "); return 0; } ug = container_of(h, struct unix_gid, h); if (test_bit(CACHE_VALID, &h->flags) && !test_bit(CACHE_NEGATIVE, &h->flags)) glen = ug->gi->ngroups; else glen = 0; |
ccdb357cc svcrpc: treat uid... |
571 |
seq_printf(m, "%u %d:", ug->uid, glen); |
3fc605a2a [PATCH] knfsd: al... |
572 573 574 575 576 577 578 579 580 581 582 583 584 |
for (i = 0; i < glen; i++) seq_printf(m, " %d", GROUP_AT(ug->gi, i)); seq_printf(m, " "); return 0; } struct cache_detail unix_gid_cache = { .owner = THIS_MODULE, .hash_size = GID_HASHMAX, .hash_table = gid_table, .name = "auth.unix.gid", .cache_put = unix_gid_put, |
bc74b4f5e SUNRPC: Allow the... |
585 |
.cache_upcall = unix_gid_upcall, |
3fc605a2a [PATCH] knfsd: al... |
586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 |
.cache_parse = unix_gid_parse, .cache_show = unix_gid_show, .match = unix_gid_match, .init = unix_gid_init, .update = unix_gid_update, .alloc = unix_gid_alloc, }; static struct unix_gid *unix_gid_lookup(uid_t uid) { struct unix_gid ug; struct cache_head *ch; ug.uid = uid; ch = sunrpc_cache_lookup(&unix_gid_cache, &ug.h, hash_long(uid, GID_HASHBITS)); if (ch) return container_of(ch, struct unix_gid, h); else return NULL; } |
dc83d6e27 nfsd4: don't try ... |
607 |
static struct group_info *unix_gid_find(uid_t uid, struct svc_rqst *rqstp) |
3fc605a2a [PATCH] knfsd: al... |
608 |
{ |
dc83d6e27 nfsd4: don't try ... |
609 610 611 612 613 |
struct unix_gid *ug; struct group_info *gi; int ret; ug = unix_gid_lookup(uid); |
3fc605a2a [PATCH] knfsd: al... |
614 |
if (!ug) |
dc83d6e27 nfsd4: don't try ... |
615 616 617 |
return ERR_PTR(-EAGAIN); ret = cache_check(&unix_gid_cache, &ug->h, &rqstp->rq_chandle); switch (ret) { |
3fc605a2a [PATCH] knfsd: al... |
618 |
case -ENOENT: |
dc83d6e27 nfsd4: don't try ... |
619 |
return ERR_PTR(-ENOENT); |
1ebede86b sunrpc: close con... |
620 621 |
case -ETIMEDOUT: return ERR_PTR(-ESHUTDOWN); |
3fc605a2a [PATCH] knfsd: al... |
622 |
case 0: |
dc83d6e27 nfsd4: don't try ... |
623 |
gi = get_group_info(ug->gi); |
560ab42ef sunrpc: fix memor... |
624 |
cache_put(&ug->h, &unix_gid_cache); |
dc83d6e27 nfsd4: don't try ... |
625 |
return gi; |
3fc605a2a [PATCH] knfsd: al... |
626 |
default: |
dc83d6e27 nfsd4: don't try ... |
627 |
return ERR_PTR(-EAGAIN); |
3fc605a2a [PATCH] knfsd: al... |
628 629 |
} } |
3ab4d8b12 knfsd: nfsd: set ... |
630 |
int |
1da177e4c Linux-2.6.12-rc2 |
631 632 |
svcauth_unix_set_client(struct svc_rqst *rqstp) { |
f15364bd4 IPv6 support for ... |
633 634 |
struct sockaddr_in *sin; struct sockaddr_in6 *sin6, sin6_storage; |
1a9917c2d [PATCH] knfsd: Co... |
635 |
struct ip_map *ipm; |
dc83d6e27 nfsd4: don't try ... |
636 637 |
struct group_info *gi; struct svc_cred *cred = &rqstp->rq_cred; |
3be4479fd sunrpc: Pass xprt... |
638 |
struct svc_xprt *xprt = rqstp->rq_xprt; |
90d51b02f sunrpc: Make the ... |
639 640 |
struct net *net = xprt->xpt_net; struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
1da177e4c Linux-2.6.12-rc2 |
641 |
|
f15364bd4 IPv6 support for ... |
642 643 644 645 |
switch (rqstp->rq_addr.ss_family) { case AF_INET: sin = svc_addr_in(rqstp); sin6 = &sin6_storage; |
b301e82cf IPv6: use ipv6_ad... |
646 |
ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr); |
f15364bd4 IPv6 support for ... |
647 648 649 650 651 652 653 |
break; case AF_INET6: sin6 = svc_addr_in6(rqstp); break; default: BUG(); } |
1da177e4c Linux-2.6.12-rc2 |
654 655 656 |
rqstp->rq_client = NULL; if (rqstp->rq_proc == 0) return SVC_OK; |
3be4479fd sunrpc: Pass xprt... |
657 |
ipm = ip_map_cached_get(xprt); |
7b2b1fee3 [PATCH] knfsd: kn... |
658 |
if (ipm == NULL) |
90d51b02f sunrpc: Make the ... |
659 |
ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class, |
f15364bd4 IPv6 support for ... |
660 |
&sin6->sin6_addr); |
1da177e4c Linux-2.6.12-rc2 |
661 662 663 |
if (ipm == NULL) return SVC_DENIED; |
90d51b02f sunrpc: Make the ... |
664 |
switch (cache_check(sn->ip_map_cache, &ipm->h, &rqstp->rq_chandle)) { |
1da177e4c Linux-2.6.12-rc2 |
665 666 |
default: BUG(); |
e0bb89ef0 [PATCH] knfsd: nf... |
667 |
case -ETIMEDOUT: |
1ebede86b sunrpc: close con... |
668 669 |
return SVC_CLOSE; case -EAGAIN: |
1da177e4c Linux-2.6.12-rc2 |
670 671 672 673 674 |
return SVC_DROP; case -ENOENT: return SVC_DENIED; case 0: rqstp->rq_client = &ipm->m_client->h; |
efc36aa56 [PATCH] knfsd: Ch... |
675 |
kref_get(&rqstp->rq_client->ref); |
3be4479fd sunrpc: Pass xprt... |
676 |
ip_map_cached_put(xprt, ipm); |
1da177e4c Linux-2.6.12-rc2 |
677 678 |
break; } |
dc83d6e27 nfsd4: don't try ... |
679 680 681 682 683 |
gi = unix_gid_find(cred->cr_uid, rqstp); switch (PTR_ERR(gi)) { case -EAGAIN: return SVC_DROP; |
1ebede86b sunrpc: close con... |
684 685 |
case -ESHUTDOWN: return SVC_CLOSE; |
dc83d6e27 nfsd4: don't try ... |
686 687 688 689 690 691 |
case -ENOENT: break; default: put_group_info(cred->cr_group_info); cred->cr_group_info = gi; } |
1da177e4c Linux-2.6.12-rc2 |
692 693 |
return SVC_OK; } |
24c3767e4 SUNRPC: The sunrp... |
694 |
EXPORT_SYMBOL_GPL(svcauth_unix_set_client); |
3ab4d8b12 knfsd: nfsd: set ... |
695 |
|
1da177e4c Linux-2.6.12-rc2 |
696 |
static int |
d8ed029d6 [SUNRPC]: trivial... |
697 |
svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4c Linux-2.6.12-rc2 |
698 699 700 701 702 703 704 705 706 707 |
{ struct kvec *argv = &rqstp->rq_arg.head[0]; struct kvec *resv = &rqstp->rq_res.head[0]; struct svc_cred *cred = &rqstp->rq_cred; cred->cr_group_info = NULL; rqstp->rq_client = NULL; if (argv->iov_len < 3*4) return SVC_GARBAGE; |
cca5172a7 [NET] SUNRPC: Fix... |
708 |
if (svc_getu32(argv) != 0) { |
1da177e4c Linux-2.6.12-rc2 |
709 710 711 712 713 |
dprintk("svc: bad null cred "); *authp = rpc_autherr_badcred; return SVC_DENIED; } |
769943130 [SUNRPC]: svc_{ge... |
714 |
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |
1da177e4c Linux-2.6.12-rc2 |
715 716 717 718 719 720 721 722 723 724 725 |
dprintk("svc: bad null verf "); *authp = rpc_autherr_badverf; return SVC_DENIED; } /* Signal that mapping to nobody uid/gid is required */ cred->cr_uid = (uid_t) -1; cred->cr_gid = (gid_t) -1; cred->cr_group_info = groups_alloc(0); if (cred->cr_group_info == NULL) |
1ebede86b sunrpc: close con... |
726 |
return SVC_CLOSE; /* kmalloc failure - client must retry */ |
1da177e4c Linux-2.6.12-rc2 |
727 728 |
/* Put NULL verifier */ |
769943130 [SUNRPC]: svc_{ge... |
729 730 |
svc_putnl(resv, RPC_AUTH_NULL); svc_putnl(resv, 0); |
1da177e4c Linux-2.6.12-rc2 |
731 |
|
c4170583f knfsd: nfsd4: sto... |
732 |
rqstp->rq_flavor = RPC_AUTH_NULL; |
1da177e4c Linux-2.6.12-rc2 |
733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 |
return SVC_OK; } static int svcauth_null_release(struct svc_rqst *rqstp) { if (rqstp->rq_client) auth_domain_put(rqstp->rq_client); rqstp->rq_client = NULL; if (rqstp->rq_cred.cr_group_info) put_group_info(rqstp->rq_cred.cr_group_info); rqstp->rq_cred.cr_group_info = NULL; return 0; /* don't drop */ } struct auth_ops svcauth_null = { .name = "null", .owner = THIS_MODULE, .flavour = RPC_AUTH_NULL, .accept = svcauth_null_accept, .release = svcauth_null_release, .set_client = svcauth_unix_set_client, }; static int |
d8ed029d6 [SUNRPC]: trivial... |
761 |
svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4c Linux-2.6.12-rc2 |
762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 |
{ struct kvec *argv = &rqstp->rq_arg.head[0]; struct kvec *resv = &rqstp->rq_res.head[0]; struct svc_cred *cred = &rqstp->rq_cred; u32 slen, i; int len = argv->iov_len; cred->cr_group_info = NULL; rqstp->rq_client = NULL; if ((len -= 3*4) < 0) return SVC_GARBAGE; svc_getu32(argv); /* length */ svc_getu32(argv); /* time stamp */ |
769943130 [SUNRPC]: svc_{ge... |
777 |
slen = XDR_QUADLEN(svc_getnl(argv)); /* machname length */ |
1da177e4c Linux-2.6.12-rc2 |
778 779 |
if (slen > 64 || (len -= (slen + 3)*4) < 0) goto badcred; |
d8ed029d6 [SUNRPC]: trivial... |
780 |
argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ |
1da177e4c Linux-2.6.12-rc2 |
781 |
argv->iov_len -= slen*4; |
769943130 [SUNRPC]: svc_{ge... |
782 783 784 |
cred->cr_uid = svc_getnl(argv); /* uid */ cred->cr_gid = svc_getnl(argv); /* gid */ slen = svc_getnl(argv); /* gids length */ |
1da177e4c Linux-2.6.12-rc2 |
785 786 |
if (slen > 16 || (len -= (slen + 2)*4) < 0) goto badcred; |
dc83d6e27 nfsd4: don't try ... |
787 788 |
cred->cr_group_info = groups_alloc(slen); if (cred->cr_group_info == NULL) |
1ebede86b sunrpc: close con... |
789 |
return SVC_CLOSE; |
dc83d6e27 nfsd4: don't try ... |
790 791 |
for (i = 0; i < slen; i++) GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); |
769943130 [SUNRPC]: svc_{ge... |
792 |
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |
1da177e4c Linux-2.6.12-rc2 |
793 794 795 796 797 |
*authp = rpc_autherr_badverf; return SVC_DENIED; } /* Put NULL verifier */ |
769943130 [SUNRPC]: svc_{ge... |
798 799 |
svc_putnl(resv, RPC_AUTH_NULL); svc_putnl(resv, 0); |
1da177e4c Linux-2.6.12-rc2 |
800 |
|
c4170583f knfsd: nfsd4: sto... |
801 |
rqstp->rq_flavor = RPC_AUTH_UNIX; |
1da177e4c Linux-2.6.12-rc2 |
802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 |
return SVC_OK; badcred: *authp = rpc_autherr_badcred; return SVC_DENIED; } static int svcauth_unix_release(struct svc_rqst *rqstp) { /* Verifier (such as it is) is already in place. */ if (rqstp->rq_client) auth_domain_put(rqstp->rq_client); rqstp->rq_client = NULL; if (rqstp->rq_cred.cr_group_info) put_group_info(rqstp->rq_cred.cr_group_info); rqstp->rq_cred.cr_group_info = NULL; return 0; } struct auth_ops svcauth_unix = { .name = "unix", .owner = THIS_MODULE, .flavour = RPC_AUTH_UNIX, .accept = svcauth_unix_accept, .release = svcauth_unix_release, .domain_release = svcauth_unix_domain_release, .set_client = svcauth_unix_set_client, }; |
90d51b02f sunrpc: Make the ... |
834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 |
int ip_map_cache_create(struct net *net) { int err = -ENOMEM; struct cache_detail *cd; struct cache_head **tbl; struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); cd = kzalloc(sizeof(struct cache_detail), GFP_KERNEL); if (cd == NULL) goto err_cd; tbl = kzalloc(IP_HASHMAX * sizeof(struct cache_head *), GFP_KERNEL); if (tbl == NULL) goto err_tbl; cd->owner = THIS_MODULE, cd->hash_size = IP_HASHMAX, cd->hash_table = tbl, cd->name = "auth.unix.ip", cd->cache_put = ip_map_put, cd->cache_upcall = ip_map_upcall, cd->cache_parse = ip_map_parse, cd->cache_show = ip_map_show, cd->match = ip_map_match, cd->init = ip_map_init, cd->update = update, cd->alloc = ip_map_alloc, err = cache_register_net(cd, net); if (err) goto err_reg; sn->ip_map_cache = cd; return 0; err_reg: kfree(tbl); err_tbl: kfree(cd); err_cd: return err; } void ip_map_cache_destroy(struct net *net) { struct sunrpc_net *sn; sn = net_generic(net, sunrpc_net_id); cache_purge(sn->ip_map_cache); cache_unregister_net(sn->ip_map_cache, net); kfree(sn->ip_map_cache->hash_table); kfree(sn->ip_map_cache); } |