fs/nfsd/auth.c

   1 /*
   2  * linux/fs/nfsd/auth.c
   3  *
   4  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
   5  */
   6
   7 #include <linux/types.h>
   8 #include <linux/sched.h>
   9 #include <linux/sunrpc/svc.h>
  10 #include <linux/sunrpc/svcauth.h>
  11 #include <linux/nfsd/nfsd.h>
  12 #include <linux/nfsd/export.h>
  13
  14 #define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
  15
  16 int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
  17 {
  18         struct exp_flavor_info *f;
  19         struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
  20
  21         for (f = exp->ex_flavors; f < end; f++) {
  22                 if (f->pseudoflavor == rqstp->rq_flavor)
  23                         return f->flags;
  24         }
  25         return exp->ex_flags;
  26
  27 }
  28
  29 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
  30 {
  31         struct svc_cred cred = rqstp->rq_cred;
  32         int i;
  33         int flags = nfsexp_flags(rqstp, exp);
  34         int ret;
  35
  36         if (flags & NFSEXP_ALLSQUASH) {
  37                 cred.cr_uid = exp->ex_anon_uid;
  38                 cred.cr_gid = exp->ex_anon_gid;
  39                 cred.cr_group_info = groups_alloc(0);
  40         } else if (flags & NFSEXP_ROOTSQUASH) {
  41                 struct group_info *gi;
  42                 if (!cred.cr_uid)
  43                         cred.cr_uid = exp->ex_anon_uid;
  44                 if (!cred.cr_gid)
  45                         cred.cr_gid = exp->ex_anon_gid;
  46                 gi = groups_alloc(cred.cr_group_info->ngroups);
  47                 if (gi)
  48                         for (i = 0; i < cred.cr_group_info->ngroups; i++) {
  49                                 if (!GROUP_AT(cred.cr_group_info, i))
  50                                         GROUP_AT(gi, i) = exp->ex_anon_gid;
  51                                 else
  52                                         GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
  53                         }
  54                 cred.cr_group_info = gi;
  55         } else
  56                 get_group_info(cred.cr_group_info);
  57
  58         if (cred.cr_uid != (uid_t) -1)
  59                 current->fsuid = cred.cr_uid;
  60         else
  61                 current->fsuid = exp->ex_anon_uid;
  62         if (cred.cr_gid != (gid_t) -1)
  63                 current->fsgid = cred.cr_gid;
  64         else
  65                 current->fsgid = exp->ex_anon_gid;
  66
  67         if (!cred.cr_group_info)
  68                 return -ENOMEM;
  69         ret = set_current_groups(cred.cr_group_info);
  70         put_group_info(cred.cr_group_info);
  71         if ((cred.cr_uid)) {
  72                 cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
  73         } else {
  74                 cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
  75                                                   current->cap_permitted);
  76         }
  77         return ret;
  78 }