auth_unix.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240
  1. /*
  2. * linux/net/sunrpc/auth_unix.c
  3. *
  4. * UNIX-style authentication; no AUTH_SHORT support
  5. *
  6. * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
  7. */
  8. #include <linux/types.h>
  9. #include <linux/sched.h>
  10. #include <linux/module.h>
  11. #include <linux/sunrpc/clnt.h>
  12. #include <linux/sunrpc/auth.h>
  13. #define NFS_NGROUPS 16
  14. struct unx_cred {
  15. struct rpc_cred uc_base;
  16. gid_t uc_gid;
  17. gid_t uc_gids[NFS_NGROUPS];
  18. };
  19. #define uc_uid uc_base.cr_uid
  20. #define uc_count uc_base.cr_count
  21. #define uc_flags uc_base.cr_flags
  22. #define uc_expire uc_base.cr_expire
  23. #define UNX_CRED_EXPIRE (60 * HZ)
  24. #define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))
  25. #ifdef RPC_DEBUG
  26. # define RPCDBG_FACILITY RPCDBG_AUTH
  27. #endif
  28. static struct rpc_auth unix_auth;
  29. static struct rpc_cred_cache unix_cred_cache;
  30. static struct rpc_credops unix_credops;
  31. static struct rpc_auth *
  32. unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
  33. {
  34. dprintk("RPC: creating UNIX authenticator for client %p\n", clnt);
  35. if (atomic_inc_return(&unix_auth.au_count) == 0)
  36. unix_cred_cache.nextgc = jiffies + (unix_cred_cache.expire >> 1);
  37. return &unix_auth;
  38. }
  39. static void
  40. unx_destroy(struct rpc_auth *auth)
  41. {
  42. dprintk("RPC: destroying UNIX authenticator %p\n", auth);
  43. rpcauth_free_credcache(auth);
  44. }
  45. /*
  46. * Lookup AUTH_UNIX creds for current process
  47. */
  48. static struct rpc_cred *
  49. unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
  50. {
  51. return rpcauth_lookup_credcache(auth, acred, flags);
  52. }
  53. static struct rpc_cred *
  54. unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
  55. {
  56. struct unx_cred *cred;
  57. int i;
  58. dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
  59. acred->uid, acred->gid);
  60. if (!(cred = kmalloc(sizeof(*cred), GFP_KERNEL)))
  61. return ERR_PTR(-ENOMEM);
  62. atomic_set(&cred->uc_count, 1);
  63. cred->uc_flags = RPCAUTH_CRED_UPTODATE;
  64. if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {
  65. cred->uc_uid = 0;
  66. cred->uc_gid = 0;
  67. cred->uc_gids[0] = NOGROUP;
  68. } else {
  69. int groups = acred->group_info->ngroups;
  70. if (groups > NFS_NGROUPS)
  71. groups = NFS_NGROUPS;
  72. cred->uc_uid = acred->uid;
  73. cred->uc_gid = acred->gid;
  74. for (i = 0; i < groups; i++)
  75. cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
  76. if (i < NFS_NGROUPS)
  77. cred->uc_gids[i] = NOGROUP;
  78. }
  79. cred->uc_base.cr_ops = &unix_credops;
  80. return (struct rpc_cred *) cred;
  81. }
  82. static void
  83. unx_destroy_cred(struct rpc_cred *cred)
  84. {
  85. kfree(cred);
  86. }
  87. /*
  88. * Match credentials against current process creds.
  89. * The root_override argument takes care of cases where the caller may
  90. * request root creds (e.g. for NFS swapping).
  91. */
  92. static int
  93. unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
  94. {
  95. struct unx_cred *cred = (struct unx_cred *) rcred;
  96. int i;
  97. if (!(flags & RPCAUTH_LOOKUP_ROOTCREDS)) {
  98. int groups;
  99. if (cred->uc_uid != acred->uid
  100. || cred->uc_gid != acred->gid)
  101. return 0;
  102. groups = acred->group_info->ngroups;
  103. if (groups > NFS_NGROUPS)
  104. groups = NFS_NGROUPS;
  105. for (i = 0; i < groups ; i++)
  106. if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
  107. return 0;
  108. return 1;
  109. }
  110. return (cred->uc_uid == 0
  111. && cred->uc_gid == 0
  112. && cred->uc_gids[0] == (gid_t) NOGROUP);
  113. }
  114. /*
  115. * Marshal credentials.
  116. * Maybe we should keep a cached credential for performance reasons.
  117. */
  118. static u32 *
  119. unx_marshal(struct rpc_task *task, u32 *p)
  120. {
  121. struct rpc_clnt *clnt = task->tk_client;
  122. struct unx_cred *cred = (struct unx_cred *) task->tk_msg.rpc_cred;
  123. u32 *base, *hold;
  124. int i;
  125. *p++ = htonl(RPC_AUTH_UNIX);
  126. base = p++;
  127. *p++ = htonl(jiffies/HZ);
  128. /*
  129. * Copy the UTS nodename captured when the client was created.
  130. */
  131. p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
  132. *p++ = htonl((u32) cred->uc_uid);
  133. *p++ = htonl((u32) cred->uc_gid);
  134. hold = p++;
  135. for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
  136. *p++ = htonl((u32) cred->uc_gids[i]);
  137. *hold = htonl(p - hold - 1); /* gid array length */
  138. *base = htonl((p - base - 1) << 2); /* cred length */
  139. *p++ = htonl(RPC_AUTH_NULL);
  140. *p++ = htonl(0);
  141. return p;
  142. }
  143. /*
  144. * Refresh credentials. This is a no-op for AUTH_UNIX
  145. */
  146. static int
  147. unx_refresh(struct rpc_task *task)
  148. {
  149. task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;
  150. return 0;
  151. }
  152. static u32 *
  153. unx_validate(struct rpc_task *task, u32 *p)
  154. {
  155. rpc_authflavor_t flavor;
  156. u32 size;
  157. flavor = ntohl(*p++);
  158. if (flavor != RPC_AUTH_NULL &&
  159. flavor != RPC_AUTH_UNIX &&
  160. flavor != RPC_AUTH_SHORT) {
  161. printk("RPC: bad verf flavor: %u\n", flavor);
  162. return NULL;
  163. }
  164. size = ntohl(*p++);
  165. if (size > RPC_MAX_AUTH_SIZE) {
  166. printk("RPC: giant verf size: %u\n", size);
  167. return NULL;
  168. }
  169. task->tk_auth->au_rslack = (size >> 2) + 2;
  170. p += (size >> 2);
  171. return p;
  172. }
  173. struct rpc_authops authunix_ops = {
  174. .owner = THIS_MODULE,
  175. .au_flavor = RPC_AUTH_UNIX,
  176. #ifdef RPC_DEBUG
  177. .au_name = "UNIX",
  178. #endif
  179. .create = unx_create,
  180. .destroy = unx_destroy,
  181. .lookup_cred = unx_lookup_cred,
  182. .crcreate = unx_create_cred,
  183. };
  184. static
  185. struct rpc_cred_cache unix_cred_cache = {
  186. .expire = UNX_CRED_EXPIRE,
  187. };
  188. static
  189. struct rpc_auth unix_auth = {
  190. .au_cslack = UNX_WRITESLACK,
  191. .au_rslack = 2, /* assume AUTH_NULL verf */
  192. .au_ops = &authunix_ops,
  193. .au_count = ATOMIC_INIT(0),
  194. .au_credcache = &unix_cred_cache,
  195. };
  196. static
  197. struct rpc_credops unix_credops = {
  198. .cr_name = "AUTH_UNIX",
  199. .crdestroy = unx_destroy_cred,
  200. .crmatch = unx_match,
  201. .crmarshal = unx_marshal,
  202. .crrefresh = unx_refresh,
  203. .crvalidate = unx_validate,
  204. };