search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
keyctl_session_to_parent(): use thread_group_empty() to check singlethreadness
[linux-2.6.git] / net / sunrpc / auth_generic.c
blob8f623b0f03dd3880bb57a96fce0b7951b572294c
1 /*
2 * Generic RPC credential
3 *
4 * Copyright (C) 2008, Trond Myklebust <Trond.Myklebust@netapp.com>
5 */
6
7 #include <linux/err.h>
8 #include <linux/slab.h>
9 #include <linux/types.h>
10 #include <linux/module.h>
11 #include <linux/sched.h>
12 #include <linux/sunrpc/auth.h>
13 #include <linux/sunrpc/clnt.h>
14 #include <linux/sunrpc/debug.h>
15 #include <linux/sunrpc/sched.h>
16
17 #ifdef RPC_DEBUG
18 # define RPCDBG_FACILITY RPCDBG_AUTH
19 #endif
20
21 #define RPC_MACHINE_CRED_USERID ((uid_t)0)
22 #define RPC_MACHINE_CRED_GROUPID ((gid_t)0)
23
24 struct generic_cred {
25 struct rpc_cred gc_base;
26 struct auth_cred acred;
27 };
28
29 static struct rpc_auth generic_auth;
30 static struct rpc_cred_cache generic_cred_cache;
31 static const struct rpc_credops generic_credops;
32
33 /*
34 * Public call interface
35 */
36 struct rpc_cred *rpc_lookup_cred(void)
37 {
38 return rpcauth_lookupcred(&generic_auth, 0);
39 }
40 EXPORT_SYMBOL_GPL(rpc_lookup_cred);
41
42 /*
43 * Public call interface for looking up machine creds.
44 */
45 struct rpc_cred *rpc_lookup_machine_cred(void)
46 {
47 struct auth_cred acred = {
48 .uid = RPC_MACHINE_CRED_USERID,
49 .gid = RPC_MACHINE_CRED_GROUPID,
50 .machine_cred = 1,
51 };
52
53 dprintk("RPC: looking up machine cred\n");
54 return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0);
55 }
56 EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);
57
58 static void
59 generic_bind_cred(struct rpc_task *task, struct rpc_cred *cred, int lookupflags)
60 {
61 struct rpc_auth *auth = task->tk_client->cl_auth;
62 struct auth_cred *acred = &container_of(cred, struct generic_cred, gc_base)->acred;
63 struct rpc_cred *ret;
64
65 ret = auth->au_ops->lookup_cred(auth, acred, lookupflags);
66 if (!IS_ERR(ret))
67 task->tk_msg.rpc_cred = ret;
68 else
69 task->tk_status = PTR_ERR(ret);
70 }
71
72 /*
73 * Lookup generic creds for current process
74 */
75 static struct rpc_cred *
76 generic_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
77 {
78 return rpcauth_lookup_credcache(&generic_auth, acred, flags);
79 }
80
81 static struct rpc_cred *
82 generic_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
83 {
84 struct generic_cred *gcred;
85
86 gcred = kmalloc(sizeof(*gcred), GFP_KERNEL);
87 if (gcred == NULL)
88 return ERR_PTR(-ENOMEM);
89
90 rpcauth_init_cred(&gcred->gc_base, acred, &generic_auth, &generic_credops);
91 gcred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
92
93 gcred->acred.uid = acred->uid;
94 gcred->acred.gid = acred->gid;
95 gcred->acred.group_info = acred->group_info;
96 if (gcred->acred.group_info != NULL)
97 get_group_info(gcred->acred.group_info);
98 gcred->acred.machine_cred = acred->machine_cred;
99
100 dprintk("RPC: allocated %s cred %p for uid %d gid %d\n",
101 gcred->acred.machine_cred ? "machine" : "generic",
102 gcred, acred->uid, acred->gid);
103 return &gcred->gc_base;
104 }
105
106 static void
107 generic_free_cred(struct rpc_cred *cred)
108 {
109 struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base);
110
111 dprintk("RPC: generic_free_cred %p\n", gcred);
112 if (gcred->acred.group_info != NULL)
113 put_group_info(gcred->acred.group_info);
114 kfree(gcred);
115 }
116
117 static void
118 generic_free_cred_callback(struct rcu_head *head)
119 {
120 struct rpc_cred *cred = container_of(head, struct rpc_cred, cr_rcu);
121 generic_free_cred(cred);
122 }
123
124 static void
125 generic_destroy_cred(struct rpc_cred *cred)
126 {
127 call_rcu(&cred->cr_rcu, generic_free_cred_callback);
128 }
129
130 /*
131 * Match credentials against current process creds.
132 */
133 static int
134 generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)
135 {
136 struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base);
137 int i;
138
139 if (gcred->acred.uid != acred->uid ||
140 gcred->acred.gid != acred->gid ||
141 gcred->acred.machine_cred != acred->machine_cred)
142 goto out_nomatch;
143
144 /* Optimisation in the case where pointers are identical... */
145 if (gcred->acred.group_info == acred->group_info)
146 goto out_match;
147
148 /* Slow path... */
149 if (gcred->acred.group_info->ngroups != acred->group_info->ngroups)
150 goto out_nomatch;
151 for (i = 0; i < gcred->acred.group_info->ngroups; i++) {
152 if (GROUP_AT(gcred->acred.group_info, i) !=
153 GROUP_AT(acred->group_info, i))
154 goto out_nomatch;
155 }
156 out_match:
157 return 1;
158 out_nomatch:
159 return 0;
160 }
161
162 void __init rpc_init_generic_auth(void)
163 {
164 spin_lock_init(&generic_cred_cache.lock);
165 }
166
167 void __exit rpc_destroy_generic_auth(void)
168 {
169 rpcauth_clear_credcache(&generic_cred_cache);
170 }
171
172 static struct rpc_cred_cache generic_cred_cache = {
173 {{ NULL, },},
174 };
175
176 static const struct rpc_authops generic_auth_ops = {
177 .owner = THIS_MODULE,
178 .au_name = "Generic",
179 .lookup_cred = generic_lookup_cred,
180 .crcreate = generic_create_cred,
181 };
182
183 static struct rpc_auth generic_auth = {
184 .au_ops = &generic_auth_ops,
185 .au_count = ATOMIC_INIT(0),
186 .au_credcache = &generic_cred_cache,
187 };
188
189 static const struct rpc_credops generic_credops = {
190 .cr_name = "Generic cred",
191 .crdestroy = generic_destroy_cred,
192 .crbind = generic_bind_cred,
193 .crmatch = generic_match,
194 };
Linus' kernel tree