release/src-rt-6.x.4708/linux/linux-2.6.36/fs/nfsd/auth.c

   1 /* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
   2
   3 #include <linux/sched.h>
   4 #include "nfsd.h"
   5 #include "auth.h"
   6
   7 int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
   8 {
   9         struct exp_flavor_info *f;
  10         struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
  11
  12         for (f = exp->ex_flavors; f < end; f++) {
  13                 if (f->pseudoflavor == rqstp->rq_flavor)
  14                         return f->flags;
  15         }
  16         return exp->ex_flags;
  17
  18 }
  19
  20 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
  21 {
  22         struct group_info *rqgi;
  23         struct group_info *gi;
  24         struct cred *new;
  25         int i;
  26         int flags = nfsexp_flags(rqstp, exp);
  27         int ret;
  28
  29         validate_process_creds();
  30
  31         /* discard any old override before preparing the new set */
  32         revert_creds(get_cred(current->real_cred));
  33         new = prepare_creds();
  34         if (!new)
  35                 return -ENOMEM;
  36
  37         new->fsuid = rqstp->rq_cred.cr_uid;
  38         new->fsgid = rqstp->rq_cred.cr_gid;
  39
  40         rqgi = rqstp->rq_cred.cr_group_info;
  41
  42         if (flags & NFSEXP_ALLSQUASH) {
  43                 new->fsuid = exp->ex_anon_uid;
  44                 new->fsgid = exp->ex_anon_gid;
  45                 gi = groups_alloc(0);
  46                 if (!gi)
  47                         goto oom;
  48         } else if (flags & NFSEXP_ROOTSQUASH) {
  49                 if (!new->fsuid)
  50                         new->fsuid = exp->ex_anon_uid;
  51                 if (!new->fsgid)
  52                         new->fsgid = exp->ex_anon_gid;
  53
  54                 gi = groups_alloc(rqgi->ngroups);
  55                 if (!gi)
  56                         goto oom;
  57
  58                 for (i = 0; i < rqgi->ngroups; i++) {
  59                         if (!GROUP_AT(rqgi, i))
  60                                 GROUP_AT(gi, i) = exp->ex_anon_gid;
  61                         else
  62                                 GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
  63                 }
  64         } else {
  65                 gi = get_group_info(rqgi);
  66         }
  67
  68         if (new->fsuid == (uid_t) -1)
  69                 new->fsuid = exp->ex_anon_uid;
  70         if (new->fsgid == (gid_t) -1)
  71                 new->fsgid = exp->ex_anon_gid;
  72
  73         ret = set_groups(new, gi);
  74         put_group_info(gi);
  75         if (ret < 0)
  76                 goto error;
  77
  78         if (new->fsuid)
  79                 new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
  80         else
  81                 new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
  82                                                         new->cap_permitted);
  83         validate_process_creds();
  84         put_cred(override_creds(new));
  85         put_cred(new);
  86         validate_process_creds();
  87         return 0;
  88
  89 oom:
  90         ret = -ENOMEM;
  91 error:
  92         abort_creds(new);
  93         return ret;
  94 }