Blame view
net/sunrpc/auth_unix.c
5.99 KB
b24413180 License cleanup: ... |
1 |
// SPDX-License-Identifier: GPL-2.0 |
1da177e4c Linux-2.6.12-rc2 |
2 3 4 5 6 7 8 |
/* * linux/net/sunrpc/auth_unix.c * * UNIX-style authentication; no AUTH_SHORT support * * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de> */ |
5a0e3ad6a include cleanup: ... |
9 |
#include <linux/slab.h> |
1da177e4c Linux-2.6.12-rc2 |
10 11 12 |
#include <linux/types.h> #include <linux/sched.h> #include <linux/module.h> |
1da177e4c Linux-2.6.12-rc2 |
13 14 |
#include <linux/sunrpc/clnt.h> #include <linux/sunrpc/auth.h> |
ae2975bc3 userns: Convert g... |
15 |
#include <linux/user_namespace.h> |
1da177e4c Linux-2.6.12-rc2 |
16 |
|
1da177e4c Linux-2.6.12-rc2 |
17 18 |
struct unx_cred { struct rpc_cred uc_base; |
7eaf040b7 sunrpc: Use kuid_... |
19 |
kgid_t uc_gid; |
5786461bd sunrpc: rename NF... |
20 |
kgid_t uc_gids[UNX_NGROUPS]; |
1da177e4c Linux-2.6.12-rc2 |
21 22 |
}; #define uc_uid uc_base.cr_uid |
1da177e4c Linux-2.6.12-rc2 |
23 |
|
f895b252d sunrpc: eliminate... |
24 |
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) |
1da177e4c Linux-2.6.12-rc2 |
25 26 27 28 |
# define RPCDBG_FACILITY RPCDBG_AUTH #endif static struct rpc_auth unix_auth; |
f1c0a8615 SUNRPC: Mark auth... |
29 |
static const struct rpc_credops unix_credops; |
1da177e4c Linux-2.6.12-rc2 |
30 31 |
static struct rpc_auth * |
c21906610 SUNRPC: Replace c... |
32 |
unx_create(struct rpc_auth_create_args *args, struct rpc_clnt *clnt) |
1da177e4c Linux-2.6.12-rc2 |
33 |
{ |
46121cf7d SUNRPC: fix print... |
34 35 36 |
dprintk("RPC: creating UNIX authenticator for client %p ", clnt); |
f5c2187cf SUNRPC: Convert t... |
37 |
atomic_inc(&unix_auth.au_count); |
1da177e4c Linux-2.6.12-rc2 |
38 39 40 41 42 43 |
return &unix_auth; } static void unx_destroy(struct rpc_auth *auth) { |
46121cf7d SUNRPC: fix print... |
44 45 |
dprintk("RPC: destroying UNIX authenticator %p ", auth); |
3ab9bb724 SUNRPC: Fix a mem... |
46 |
rpcauth_clear_credcache(auth->au_credcache); |
1da177e4c Linux-2.6.12-rc2 |
47 |
} |
1e035d065 sunrpc: add auth_... |
48 49 50 51 52 53 54 |
static int unx_hash_cred(struct auth_cred *acred, unsigned int hashbits) { return hash_64(from_kgid(&init_user_ns, acred->gid) | ((u64)from_kuid(&init_user_ns, acred->uid) << (sizeof(gid_t) * 8)), hashbits); } |
1da177e4c Linux-2.6.12-rc2 |
55 56 57 58 59 60 |
/* * Lookup AUTH_UNIX creds for current process */ static struct rpc_cred * unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) { |
3c6e0bc8a sunrpc: plumb gfp... |
61 |
return rpcauth_lookup_credcache(auth, acred, flags, GFP_NOFS); |
1da177e4c Linux-2.6.12-rc2 |
62 63 64 |
} static struct rpc_cred * |
3c6e0bc8a sunrpc: plumb gfp... |
65 |
unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp) |
1da177e4c Linux-2.6.12-rc2 |
66 67 |
{ struct unx_cred *cred; |
af0938357 SUNRPC: Fix RPCAU... |
68 69 |
unsigned int groups = 0; unsigned int i; |
1da177e4c Linux-2.6.12-rc2 |
70 |
|
46121cf7d SUNRPC: fix print... |
71 72 |
dprintk("RPC: allocating UNIX cred for uid %d gid %d ", |
cdba321e2 sunrpc: Convert k... |
73 74 |
from_kuid(&init_user_ns, acred->uid), from_kgid(&init_user_ns, acred->gid)); |
1da177e4c Linux-2.6.12-rc2 |
75 |
|
3c6e0bc8a sunrpc: plumb gfp... |
76 |
if (!(cred = kmalloc(sizeof(*cred), gfp))) |
1da177e4c Linux-2.6.12-rc2 |
77 |
return ERR_PTR(-ENOMEM); |
5fe4755e2 SUNRPC: Clean up ... |
78 |
rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops); |
fc432dd90 SUNRPC: Enforce a... |
79 |
cred->uc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE; |
af0938357 SUNRPC: Fix RPCAU... |
80 81 82 |
if (acred->group_info != NULL) groups = acred->group_info->ngroups; |
5786461bd sunrpc: rename NF... |
83 84 |
if (groups > UNX_NGROUPS) groups = UNX_NGROUPS; |
af0938357 SUNRPC: Fix RPCAU... |
85 86 |
cred->uc_gid = acred->gid; |
9132adb02 sunrpc: Simplify ... |
87 |
for (i = 0; i < groups; i++) |
81243eacf cred: simpler, 1D... |
88 |
cred->uc_gids[i] = acred->group_info->gid[i]; |
5786461bd sunrpc: rename NF... |
89 |
if (i < UNX_NGROUPS) |
bf37f7943 sunrpc: Use usern... |
90 |
cred->uc_gids[i] = INVALID_GID; |
1da177e4c Linux-2.6.12-rc2 |
91 |
|
696e38df9 SUNRPC: replace c... |
92 |
return &cred->uc_base; |
1da177e4c Linux-2.6.12-rc2 |
93 94 95 |
} static void |
31be5bf15 SUNRPC: Convert t... |
96 |
unx_free_cred(struct unx_cred *unx_cred) |
1da177e4c Linux-2.6.12-rc2 |
97 |
{ |
31be5bf15 SUNRPC: Convert t... |
98 99 100 101 |
dprintk("RPC: unx_free_cred %p ", unx_cred); kfree(unx_cred); } |
696e38df9 SUNRPC: replace c... |
102 |
|
31be5bf15 SUNRPC: Convert t... |
103 104 105 106 107 108 109 110 111 112 113 |
static void unx_free_cred_callback(struct rcu_head *head) { struct unx_cred *unx_cred = container_of(head, struct unx_cred, uc_base.cr_rcu); unx_free_cred(unx_cred); } static void unx_destroy_cred(struct rpc_cred *cred) { call_rcu(&cred->cr_rcu, unx_free_cred_callback); |
1da177e4c Linux-2.6.12-rc2 |
114 115 116 117 118 119 120 121 |
} /* * Match credentials against current process creds. * The root_override argument takes care of cases where the caller may * request root creds (e.g. for NFS swapping). */ static int |
8a3177604 SUNRPC: Fix a loc... |
122 |
unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags) |
1da177e4c Linux-2.6.12-rc2 |
123 |
{ |
696e38df9 SUNRPC: replace c... |
124 |
struct unx_cred *cred = container_of(rcred, struct unx_cred, uc_base); |
af0938357 SUNRPC: Fix RPCAU... |
125 126 |
unsigned int groups = 0; unsigned int i; |
1da177e4c Linux-2.6.12-rc2 |
127 |
|
1da177e4c Linux-2.6.12-rc2 |
128 |
|
0b4d51b02 sunrpc: Use uid_e... |
129 |
if (!uid_eq(cred->uc_uid, acred->uid) || !gid_eq(cred->uc_gid, acred->gid)) |
af0938357 SUNRPC: Fix RPCAU... |
130 |
return 0; |
1da177e4c Linux-2.6.12-rc2 |
131 |
|
af0938357 SUNRPC: Fix RPCAU... |
132 |
if (acred->group_info != NULL) |
1da177e4c Linux-2.6.12-rc2 |
133 |
groups = acred->group_info->ngroups; |
5786461bd sunrpc: rename NF... |
134 135 |
if (groups > UNX_NGROUPS) groups = UNX_NGROUPS; |
9132adb02 sunrpc: Simplify ... |
136 |
for (i = 0; i < groups ; i++) |
81243eacf cred: simpler, 1D... |
137 |
if (!gid_eq(cred->uc_gids[i], acred->group_info->gid[i])) |
af0938357 SUNRPC: Fix RPCAU... |
138 |
return 0; |
5786461bd sunrpc: rename NF... |
139 |
if (groups < UNX_NGROUPS && gid_valid(cred->uc_gids[groups])) |
dc6f55e9f NFS/sunrpc: don't... |
140 |
return 0; |
af0938357 SUNRPC: Fix RPCAU... |
141 |
return 1; |
1da177e4c Linux-2.6.12-rc2 |
142 143 144 145 146 147 |
} /* * Marshal credentials. * Maybe we should keep a cached credential for performance reasons. */ |
d8ed029d6 [SUNRPC]: trivial... |
148 149 |
static __be32 * unx_marshal(struct rpc_task *task, __be32 *p) |
1da177e4c Linux-2.6.12-rc2 |
150 151 |
{ struct rpc_clnt *clnt = task->tk_client; |
a17c2153d SUNRPC: Move the ... |
152 |
struct unx_cred *cred = container_of(task->tk_rqstp->rq_cred, struct unx_cred, uc_base); |
d8ed029d6 [SUNRPC]: trivial... |
153 |
__be32 *base, *hold; |
1da177e4c Linux-2.6.12-rc2 |
154 155 156 157 158 159 160 161 162 163 |
int i; *p++ = htonl(RPC_AUTH_UNIX); base = p++; *p++ = htonl(jiffies/HZ); /* * Copy the UTS nodename captured when the client was created. */ p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen); |
a570abbb9 sunrpc: Properly ... |
164 165 |
*p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid)); *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid)); |
1da177e4c Linux-2.6.12-rc2 |
166 |
hold = p++; |
5786461bd sunrpc: rename NF... |
167 |
for (i = 0; i < UNX_NGROUPS && gid_valid(cred->uc_gids[i]); i++) |
a570abbb9 sunrpc: Properly ... |
168 |
*p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i])); |
1da177e4c Linux-2.6.12-rc2 |
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 |
*hold = htonl(p - hold - 1); /* gid array length */ *base = htonl((p - base - 1) << 2); /* cred length */ *p++ = htonl(RPC_AUTH_NULL); *p++ = htonl(0); return p; } /* * Refresh credentials. This is a no-op for AUTH_UNIX */ static int unx_refresh(struct rpc_task *task) { |
a17c2153d SUNRPC: Move the ... |
184 |
set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_rqstp->rq_cred->cr_flags); |
1da177e4c Linux-2.6.12-rc2 |
185 186 |
return 0; } |
d8ed029d6 [SUNRPC]: trivial... |
187 188 |
static __be32 * unx_validate(struct rpc_task *task, __be32 *p) |
1da177e4c Linux-2.6.12-rc2 |
189 190 191 192 193 194 195 196 197 198 |
{ rpc_authflavor_t flavor; u32 size; flavor = ntohl(*p++); if (flavor != RPC_AUTH_NULL && flavor != RPC_AUTH_UNIX && flavor != RPC_AUTH_SHORT) { printk("RPC: bad verf flavor: %u ", flavor); |
35fa5f7b3 SUNRPC refactor r... |
199 |
return ERR_PTR(-EIO); |
1da177e4c Linux-2.6.12-rc2 |
200 201 202 203 204 205 |
} size = ntohl(*p++); if (size > RPC_MAX_AUTH_SIZE) { printk("RPC: giant verf size: %u ", size); |
35fa5f7b3 SUNRPC refactor r... |
206 |
return ERR_PTR(-EIO); |
1da177e4c Linux-2.6.12-rc2 |
207 |
} |
a17c2153d SUNRPC: Move the ... |
208 |
task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2; |
1da177e4c Linux-2.6.12-rc2 |
209 210 211 212 |
p += (size >> 2); return p; } |
5d8d9a4d9 NFS: Ensure the A... |
213 |
int __init rpc_init_authunix(void) |
9499b4341 SUNRPC: Give cred... |
214 |
{ |
5d8d9a4d9 NFS: Ensure the A... |
215 216 217 218 219 220 |
return rpcauth_init_credcache(&unix_auth); } void rpc_destroy_authunix(void) { rpcauth_destroy_credcache(&unix_auth); |
9499b4341 SUNRPC: Give cred... |
221 |
} |
f1c0a8615 SUNRPC: Mark auth... |
222 |
const struct rpc_authops authunix_ops = { |
1da177e4c Linux-2.6.12-rc2 |
223 224 |
.owner = THIS_MODULE, .au_flavor = RPC_AUTH_UNIX, |
1da177e4c Linux-2.6.12-rc2 |
225 |
.au_name = "UNIX", |
1da177e4c Linux-2.6.12-rc2 |
226 227 |
.create = unx_create, .destroy = unx_destroy, |
1e035d065 sunrpc: add auth_... |
228 |
.hash_cred = unx_hash_cred, |
1da177e4c Linux-2.6.12-rc2 |
229 230 231 232 233 |
.lookup_cred = unx_lookup_cred, .crcreate = unx_create_cred, }; static |
1da177e4c Linux-2.6.12-rc2 |
234 |
struct rpc_auth unix_auth = { |
4500632f6 nfsd: Lower NFSv4... |
235 236 |
.au_cslack = UNX_CALLSLACK, .au_rslack = NUL_REPLYSLACK, |
ce52914eb sunrpc: move NO_C... |
237 |
.au_flags = RPCAUTH_AUTH_NO_CRKEY_TIMEOUT, |
1da177e4c Linux-2.6.12-rc2 |
238 |
.au_ops = &authunix_ops, |
81039f1f2 NFS: Display the ... |
239 |
.au_flavor = RPC_AUTH_UNIX, |
1da177e4c Linux-2.6.12-rc2 |
240 |
.au_count = ATOMIC_INIT(0), |
1da177e4c Linux-2.6.12-rc2 |
241 242 243 |
}; static |
f1c0a8615 SUNRPC: Mark auth... |
244 |
const struct rpc_credops unix_credops = { |
1da177e4c Linux-2.6.12-rc2 |
245 246 |
.cr_name = "AUTH_UNIX", .crdestroy = unx_destroy_cred, |
5c691044e SUNRPC: Add an rp... |
247 |
.crbind = rpcauth_generic_bind_cred, |
1da177e4c Linux-2.6.12-rc2 |
248 249 250 251 252 |
.crmatch = unx_match, .crmarshal = unx_marshal, .crrefresh = unx_refresh, .crvalidate = unx_validate, }; |