search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nfsd: provide callbacks on svc_xprt deletion
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / sunrpc / svcauth_unix.c
blob8b378f91f255f34a14b51b73407d9a022cbc0591
1 #include <linux/types.h>
2 #include <linux/sched.h>
3 #include <linux/module.h>
4 #include <linux/sunrpc/types.h>
5 #include <linux/sunrpc/xdr.h>
6 #include <linux/sunrpc/svcsock.h>
7 #include <linux/sunrpc/svcauth.h>
8 #include <linux/sunrpc/gss_api.h>
9 #include <linux/err.h>
10 #include <linux/seq_file.h>
11 #include <linux/hash.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <net/sock.h>
15 #include <net/ipv6.h>
16 #include <linux/kernel.h>
17 #define RPCDBG_FACILITY RPCDBG_AUTH
18
19 #include <linux/sunrpc/clnt.h>
20
21 #include "netns.h"
22
23 /*
24 * AUTHUNIX and AUTHNULL credentials are both handled here.
25 * AUTHNULL is treated just like AUTHUNIX except that the uid/gid
26 * are always nobody (-2). i.e. we do the same IP address checks for
27 * AUTHNULL as for AUTHUNIX, and that is done here.
28 */
29
30
31 struct unix_domain {
32 struct auth_domain h;
33 int addr_changes;
34 /* other stuff later */
35 };
36
37 extern struct auth_ops svcauth_unix;
38
39 struct auth_domain *unix_domain_find(char *name)
40 {
41 struct auth_domain *rv;
42 struct unix_domain *new = NULL;
43
44 rv = auth_domain_lookup(name, NULL);
45 while(1) {
46 if (rv) {
47 if (new && rv != &new->h)
48 auth_domain_put(&new->h);
49
50 if (rv->flavour != &svcauth_unix) {
51 auth_domain_put(rv);
52 return NULL;
53 }
54 return rv;
55 }
56
57 new = kmalloc(sizeof(*new), GFP_KERNEL);
58 if (new == NULL)
59 return NULL;
60 kref_init(&new->h.ref);
61 new->h.name = kstrdup(name, GFP_KERNEL);
62 if (new->h.name == NULL) {
63 kfree(new);
64 return NULL;
65 }
66 new->h.flavour = &svcauth_unix;
67 new->addr_changes = 0;
68 rv = auth_domain_lookup(name, &new->h);
69 }
70 }
71 EXPORT_SYMBOL_GPL(unix_domain_find);
72
73 static void svcauth_unix_domain_release(struct auth_domain *dom)
74 {
75 struct unix_domain *ud = container_of(dom, struct unix_domain, h);
76
77 kfree(dom->name);
78 kfree(ud);
79 }
80
81
82 /**************************************************
83 * cache for IP address to unix_domain
84 * as needed by AUTH_UNIX
85 */
86 #define IP_HASHBITS 8
87 #define IP_HASHMAX (1<<IP_HASHBITS)
88 #define IP_HASHMASK (IP_HASHMAX-1)
89
90 struct ip_map {
91 struct cache_head h;
92 char m_class[8]; /* e.g. "nfsd" */
93 struct in6_addr m_addr;
94 struct unix_domain *m_client;
95 int m_add_change;
96 };
97
98 static void ip_map_put(struct kref *kref)
99 {
100 struct cache_head *item = container_of(kref, struct cache_head, ref);
101 struct ip_map *im = container_of(item, struct ip_map,h);
102
103 if (test_bit(CACHE_VALID, &item->flags) &&
104 !test_bit(CACHE_NEGATIVE, &item->flags))
105 auth_domain_put(&im->m_client->h);
106 kfree(im);
107 }
108
109 #if IP_HASHBITS == 8
110 /* hash_long on a 64 bit machine is currently REALLY BAD for
111 * IP addresses in reverse-endian (i.e. on a little-endian machine).
112 * So use a trivial but reliable hash instead
113 */
114 static inline int hash_ip(__be32 ip)
115 {
116 int hash = (__force u32)ip ^ ((__force u32)ip>>16);
117 return (hash ^ (hash>>8)) & 0xff;
118 }
119 #endif
120 static inline int hash_ip6(struct in6_addr ip)
121 {
122 return (hash_ip(ip.s6_addr32[0]) ^
123 hash_ip(ip.s6_addr32[1]) ^
124 hash_ip(ip.s6_addr32[2]) ^
125 hash_ip(ip.s6_addr32[3]));
126 }
127 static int ip_map_match(struct cache_head *corig, struct cache_head *cnew)
128 {
129 struct ip_map *orig = container_of(corig, struct ip_map, h);
130 struct ip_map *new = container_of(cnew, struct ip_map, h);
131 return strcmp(orig->m_class, new->m_class) == 0 &&
132 ipv6_addr_equal(&orig->m_addr, &new->m_addr);
133 }
134 static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
135 {
136 struct ip_map *new = container_of(cnew, struct ip_map, h);
137 struct ip_map *item = container_of(citem, struct ip_map, h);
138
139 strcpy(new->m_class, item->m_class);
140 ipv6_addr_copy(&new->m_addr, &item->m_addr);
141 }
142 static void update(struct cache_head *cnew, struct cache_head *citem)
143 {
144 struct ip_map *new = container_of(cnew, struct ip_map, h);
145 struct ip_map *item = container_of(citem, struct ip_map, h);
146
147 kref_get(&item->m_client->h.ref);
148 new->m_client = item->m_client;
149 new->m_add_change = item->m_add_change;
150 }
151 static struct cache_head *ip_map_alloc(void)
152 {
153 struct ip_map *i = kmalloc(sizeof(*i), GFP_KERNEL);
154 if (i)
155 return &i->h;
156 else
157 return NULL;
158 }
159
160 static void ip_map_request(struct cache_detail *cd,
161 struct cache_head *h,
162 char **bpp, int *blen)
163 {
164 char text_addr[40];
165 struct ip_map *im = container_of(h, struct ip_map, h);
166
167 if (ipv6_addr_v4mapped(&(im->m_addr))) {
168 snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]);
169 } else {
170 snprintf(text_addr, 40, "%pI6", &im->m_addr);
171 }
172 qword_add(bpp, blen, im->m_class);
173 qword_add(bpp, blen, text_addr);
174 (*bpp)[-1] = '\n';
175 }
176
177 static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h)
178 {
179 return sunrpc_cache_pipe_upcall(cd, h, ip_map_request);
180 }
181
182 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr);
183 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry);
184
185 static int ip_map_parse(struct cache_detail *cd,
186 char *mesg, int mlen)
187 {
188 /* class ipaddress [domainname] */
189 /* should be safe just to use the start of the input buffer
190 * for scratch: */
191 char *buf = mesg;
192 int len;
193 char class[8];
194 union {
195 struct sockaddr sa;
196 struct sockaddr_in s4;
197 struct sockaddr_in6 s6;
198 } address;
199 struct sockaddr_in6 sin6;
200 int err;
201
202 struct ip_map *ipmp;
203 struct auth_domain *dom;
204 time_t expiry;
205
206 if (mesg[mlen-1] != '\n')
207 return -EINVAL;
208 mesg[mlen-1] = 0;
209
210 /* class */
211 len = qword_get(&mesg, class, sizeof(class));
212 if (len <= 0) return -EINVAL;
213
214 /* ip address */
215 len = qword_get(&mesg, buf, mlen);
216 if (len <= 0) return -EINVAL;
217
218 if (rpc_pton(buf, len, &address.sa, sizeof(address)) == 0)
219 return -EINVAL;
220 switch (address.sa.sa_family) {
221 case AF_INET:
222 /* Form a mapped IPv4 address in sin6 */
223 memset(&sin6, 0, sizeof(sin6));
224 sin6.sin6_family = AF_INET6;
225 sin6.sin6_addr.s6_addr32[2] = htonl(0xffff);
226 sin6.sin6_addr.s6_addr32[3] = address.s4.sin_addr.s_addr;
227 break;
228 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
229 case AF_INET6:
230 memcpy(&sin6, &address.s6, sizeof(sin6));
231 break;
232 #endif
233 default:
234 return -EINVAL;
235 }
236
237 expiry = get_expiry(&mesg);
238 if (expiry ==0)
239 return -EINVAL;
240
241 /* domainname, or empty for NEGATIVE */
242 len = qword_get(&mesg, buf, mlen);
243 if (len < 0) return -EINVAL;
244
245 if (len) {
246 dom = unix_domain_find(buf);
247 if (dom == NULL)
248 return -ENOENT;
249 } else
250 dom = NULL;
251
252 /* IPv6 scope IDs are ignored for now */
253 ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr);
254 if (ipmp) {
255 err = __ip_map_update(cd, ipmp,
256 container_of(dom, struct unix_domain, h),
257 expiry);
258 } else
259 err = -ENOMEM;
260
261 if (dom)
262 auth_domain_put(dom);
263
264 cache_flush();
265 return err;
266 }
267
268 static int ip_map_show(struct seq_file *m,
269 struct cache_detail *cd,
270 struct cache_head *h)
271 {
272 struct ip_map *im;
273 struct in6_addr addr;
274 char *dom = "-no-domain-";
275
276 if (h == NULL) {
277 seq_puts(m, "#class IP domain\n");
278 return 0;
279 }
280 im = container_of(h, struct ip_map, h);
281 /* class addr domain */
282 ipv6_addr_copy(&addr, &im->m_addr);
283
284 if (test_bit(CACHE_VALID, &h->flags) &&
285 !test_bit(CACHE_NEGATIVE, &h->flags))
286 dom = im->m_client->h.name;
287
288 if (ipv6_addr_v4mapped(&addr)) {
289 seq_printf(m, "%s %pI4 %s\n",
290 im->m_class, &addr.s6_addr32[3], dom);
291 } else {
292 seq_printf(m, "%s %pI6 %s\n", im->m_class, &addr, dom);
293 }
294 return 0;
295 }
296
297
298 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class,
299 struct in6_addr *addr)
300 {
301 struct ip_map ip;
302 struct cache_head *ch;
303
304 strcpy(ip.m_class, class);
305 ipv6_addr_copy(&ip.m_addr, addr);
306 ch = sunrpc_cache_lookup(cd, &ip.h,
307 hash_str(class, IP_HASHBITS) ^
308 hash_ip6(*addr));
309
310 if (ch)
311 return container_of(ch, struct ip_map, h);
312 else
313 return NULL;
314 }
315
316 static inline struct ip_map *ip_map_lookup(struct net *net, char *class,
317 struct in6_addr *addr)
318 {
319 struct sunrpc_net *sn;
320
321 sn = net_generic(net, sunrpc_net_id);
322 return __ip_map_lookup(sn->ip_map_cache, class, addr);
323 }
324
325 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm,
326 struct unix_domain *udom, time_t expiry)
327 {
328 struct ip_map ip;
329 struct cache_head *ch;
330
331 ip.m_client = udom;
332 ip.h.flags = 0;
333 if (!udom)
334 set_bit(CACHE_NEGATIVE, &ip.h.flags);
335 else {
336 ip.m_add_change = udom->addr_changes;
337 /* if this is from the legacy set_client system call,
338 * we need m_add_change to be one higher
339 */
340 if (expiry == NEVER)
341 ip.m_add_change++;
342 }
343 ip.h.expiry_time = expiry;
344 ch = sunrpc_cache_update(cd, &ip.h, &ipm->h,
345 hash_str(ipm->m_class, IP_HASHBITS) ^
346 hash_ip6(ipm->m_addr));
347 if (!ch)
348 return -ENOMEM;
349 cache_put(ch, cd);
350 return 0;
351 }
352
353 static inline int ip_map_update(struct net *net, struct ip_map *ipm,
354 struct unix_domain *udom, time_t expiry)
355 {
356 struct sunrpc_net *sn;
357
358 sn = net_generic(net, sunrpc_net_id);
359 return __ip_map_update(sn->ip_map_cache, ipm, udom, expiry);
360 }
361
362 int auth_unix_add_addr(struct net *net, struct in6_addr *addr, struct auth_domain *dom)
363 {
364 struct unix_domain *udom;
365 struct ip_map *ipmp;
366
367 if (dom->flavour != &svcauth_unix)
368 return -EINVAL;
369 udom = container_of(dom, struct unix_domain, h);
370 ipmp = ip_map_lookup(net, "nfsd", addr);
371
372 if (ipmp)
373 return ip_map_update(net, ipmp, udom, NEVER);
374 else
375 return -ENOMEM;
376 }
377 EXPORT_SYMBOL_GPL(auth_unix_add_addr);
378
379 int auth_unix_forget_old(struct auth_domain *dom)
380 {
381 struct unix_domain *udom;
382
383 if (dom->flavour != &svcauth_unix)
384 return -EINVAL;
385 udom = container_of(dom, struct unix_domain, h);
386 udom->addr_changes++;
387 return 0;
388 }
389 EXPORT_SYMBOL_GPL(auth_unix_forget_old);
390
391 struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr)
392 {
393 struct ip_map *ipm;
394 struct auth_domain *rv;
395 struct sunrpc_net *sn;
396
397 sn = net_generic(net, sunrpc_net_id);
398 ipm = ip_map_lookup(net, "nfsd", addr);
399
400 if (!ipm)
401 return NULL;
402 if (cache_check(sn->ip_map_cache, &ipm->h, NULL))
403 return NULL;
404
405 if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
406 if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0)
407 auth_domain_put(&ipm->m_client->h);
408 rv = NULL;
409 } else {
410 rv = &ipm->m_client->h;
411 kref_get(&rv->ref);
412 }
413 cache_put(&ipm->h, sn->ip_map_cache);
414 return rv;
415 }
416 EXPORT_SYMBOL_GPL(auth_unix_lookup);
417
418 void svcauth_unix_purge(void)
419 {
420 struct net *net;
421
422 for_each_net(net) {
423 struct sunrpc_net *sn;
424
425 sn = net_generic(net, sunrpc_net_id);
426 cache_purge(sn->ip_map_cache);
427 }
428 }
429 EXPORT_SYMBOL_GPL(svcauth_unix_purge);
430
431 static inline struct ip_map *
432 ip_map_cached_get(struct svc_xprt *xprt)
433 {
434 struct ip_map *ipm = NULL;
435 struct sunrpc_net *sn;
436
437 if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) {
438 spin_lock(&xprt->xpt_lock);
439 ipm = xprt->xpt_auth_cache;
440 if (ipm != NULL) {
441 if (!cache_valid(&ipm->h)) {
442 /*
443 * The entry has been invalidated since it was
444 * remembered, e.g. by a second mount from the
445 * same IP address.
446 */
447 sn = net_generic(xprt->xpt_net, sunrpc_net_id);
448 xprt->xpt_auth_cache = NULL;
449 spin_unlock(&xprt->xpt_lock);
450 cache_put(&ipm->h, sn->ip_map_cache);
451 return NULL;
452 }
453 cache_get(&ipm->h);
454 }
455 spin_unlock(&xprt->xpt_lock);
456 }
457 return ipm;
458 }
459
460 static inline void
461 ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm)
462 {
463 if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) {
464 spin_lock(&xprt->xpt_lock);
465 if (xprt->xpt_auth_cache == NULL) {
466 /* newly cached, keep the reference */
467 xprt->xpt_auth_cache = ipm;
468 ipm = NULL;
469 }
470 spin_unlock(&xprt->xpt_lock);
471 }
472 if (ipm) {
473 struct sunrpc_net *sn;
474
475 sn = net_generic(xprt->xpt_net, sunrpc_net_id);
476 cache_put(&ipm->h, sn->ip_map_cache);
477 }
478 }
479
480 void
481 svcauth_unix_info_release(struct svc_xprt *xpt)
482 {
483 struct ip_map *ipm;
484
485 ipm = xpt->xpt_auth_cache;
486 if (ipm != NULL) {
487 struct sunrpc_net *sn;
488
489 sn = net_generic(xpt->xpt_net, sunrpc_net_id);
490 cache_put(&ipm->h, sn->ip_map_cache);
491 }
492 }
493
494 /****************************************************************************
495 * auth.unix.gid cache
496 * simple cache to map a UID to a list of GIDs
497 * because AUTH_UNIX aka AUTH_SYS has a max of 16
498 */
499 #define GID_HASHBITS 8
500 #define GID_HASHMAX (1<<GID_HASHBITS)
501 #define GID_HASHMASK (GID_HASHMAX - 1)
502
503 struct unix_gid {
504 struct cache_head h;
505 uid_t uid;
506 struct group_info *gi;
507 };
508 static struct cache_head *gid_table[GID_HASHMAX];
509
510 static void unix_gid_put(struct kref *kref)
511 {
512 struct cache_head *item = container_of(kref, struct cache_head, ref);
513 struct unix_gid *ug = container_of(item, struct unix_gid, h);
514 if (test_bit(CACHE_VALID, &item->flags) &&
515 !test_bit(CACHE_NEGATIVE, &item->flags))
516 put_group_info(ug->gi);
517 kfree(ug);
518 }
519
520 static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew)
521 {
522 struct unix_gid *orig = container_of(corig, struct unix_gid, h);
523 struct unix_gid *new = container_of(cnew, struct unix_gid, h);
524 return orig->uid == new->uid;
525 }
526 static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem)
527 {
528 struct unix_gid *new = container_of(cnew, struct unix_gid, h);
529 struct unix_gid *item = container_of(citem, struct unix_gid, h);
530 new->uid = item->uid;
531 }
532 static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem)
533 {
534 struct unix_gid *new = container_of(cnew, struct unix_gid, h);
535 struct unix_gid *item = container_of(citem, struct unix_gid, h);
536
537 get_group_info(item->gi);
538 new->gi = item->gi;
539 }
540 static struct cache_head *unix_gid_alloc(void)
541 {
542 struct unix_gid *g = kmalloc(sizeof(*g), GFP_KERNEL);
543 if (g)
544 return &g->h;
545 else
546 return NULL;
547 }
548
549 static void unix_gid_request(struct cache_detail *cd,
550 struct cache_head *h,
551 char **bpp, int *blen)
552 {
553 char tuid[20];
554 struct unix_gid *ug = container_of(h, struct unix_gid, h);
555
556 snprintf(tuid, 20, "%u", ug->uid);
557 qword_add(bpp, blen, tuid);
558 (*bpp)[-1] = '\n';
559 }
560
561 static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h)
562 {
563 return sunrpc_cache_pipe_upcall(cd, h, unix_gid_request);
564 }
565
566 static struct unix_gid *unix_gid_lookup(uid_t uid);
567 extern struct cache_detail unix_gid_cache;
568
569 static int unix_gid_parse(struct cache_detail *cd,
570 char *mesg, int mlen)
571 {
572 /* uid expiry Ngid gid0 gid1 ... gidN-1 */
573 int uid;
574 int gids;
575 int rv;
576 int i;
577 int err;
578 time_t expiry;
579 struct unix_gid ug, *ugp;
580
581 if (mlen <= 0 || mesg[mlen-1] != '\n')
582 return -EINVAL;
583 mesg[mlen-1] = 0;
584
585 rv = get_int(&mesg, &uid);
586 if (rv)
587 return -EINVAL;
588 ug.uid = uid;
589
590 expiry = get_expiry(&mesg);
591 if (expiry == 0)
592 return -EINVAL;
593
594 rv = get_int(&mesg, &gids);
595 if (rv || gids < 0 || gids > 8192)
596 return -EINVAL;
597
598 ug.gi = groups_alloc(gids);
599 if (!ug.gi)
600 return -ENOMEM;
601
602 for (i = 0 ; i < gids ; i++) {
603 int gid;
604 rv = get_int(&mesg, &gid);
605 err = -EINVAL;
606 if (rv)
607 goto out;
608 GROUP_AT(ug.gi, i) = gid;
609 }
610
611 ugp = unix_gid_lookup(uid);
612 if (ugp) {
613 struct cache_head *ch;
614 ug.h.flags = 0;
615 ug.h.expiry_time = expiry;
616 ch = sunrpc_cache_update(&unix_gid_cache,
617 &ug.h, &ugp->h,
618 hash_long(uid, GID_HASHBITS));
619 if (!ch)
620 err = -ENOMEM;
621 else {
622 err = 0;
623 cache_put(ch, &unix_gid_cache);
624 }
625 } else
626 err = -ENOMEM;
627 out:
628 if (ug.gi)
629 put_group_info(ug.gi);
630 return err;
631 }
632
633 static int unix_gid_show(struct seq_file *m,
634 struct cache_detail *cd,
635 struct cache_head *h)
636 {
637 struct unix_gid *ug;
638 int i;
639 int glen;
640
641 if (h == NULL) {
642 seq_puts(m, "#uid cnt: gids...\n");
643 return 0;
644 }
645 ug = container_of(h, struct unix_gid, h);
646 if (test_bit(CACHE_VALID, &h->flags) &&
647 !test_bit(CACHE_NEGATIVE, &h->flags))
648 glen = ug->gi->ngroups;
649 else
650 glen = 0;
651
652 seq_printf(m, "%u %d:", ug->uid, glen);
653 for (i = 0; i < glen; i++)
654 seq_printf(m, " %d", GROUP_AT(ug->gi, i));
655 seq_printf(m, "\n");
656 return 0;
657 }
658
659 struct cache_detail unix_gid_cache = {
660 .owner = THIS_MODULE,
661 .hash_size = GID_HASHMAX,
662 .hash_table = gid_table,
663 .name = "auth.unix.gid",
664 .cache_put = unix_gid_put,
665 .cache_upcall = unix_gid_upcall,
666 .cache_parse = unix_gid_parse,
667 .cache_show = unix_gid_show,
668 .match = unix_gid_match,
669 .init = unix_gid_init,
670 .update = unix_gid_update,
671 .alloc = unix_gid_alloc,
672 };
673
674 static struct unix_gid *unix_gid_lookup(uid_t uid)
675 {
676 struct unix_gid ug;
677 struct cache_head *ch;
678
679 ug.uid = uid;
680 ch = sunrpc_cache_lookup(&unix_gid_cache, &ug.h,
681 hash_long(uid, GID_HASHBITS));
682 if (ch)
683 return container_of(ch, struct unix_gid, h);
684 else
685 return NULL;
686 }
687
688 static struct group_info *unix_gid_find(uid_t uid, struct svc_rqst *rqstp)
689 {
690 struct unix_gid *ug;
691 struct group_info *gi;
692 int ret;
693
694 ug = unix_gid_lookup(uid);
695 if (!ug)
696 return ERR_PTR(-EAGAIN);
697 ret = cache_check(&unix_gid_cache, &ug->h, &rqstp->rq_chandle);
698 switch (ret) {
699 case -ENOENT:
700 return ERR_PTR(-ENOENT);
701 case -ETIMEDOUT:
702 return ERR_PTR(-ESHUTDOWN);
703 case 0:
704 gi = get_group_info(ug->gi);
705 cache_put(&ug->h, &unix_gid_cache);
706 return gi;
707 default:
708 return ERR_PTR(-EAGAIN);
709 }
710 }
711
712 int
713 svcauth_unix_set_client(struct svc_rqst *rqstp)
714 {
715 struct sockaddr_in *sin;
716 struct sockaddr_in6 *sin6, sin6_storage;
717 struct ip_map *ipm;
718 struct group_info *gi;
719 struct svc_cred *cred = &rqstp->rq_cred;
720 struct svc_xprt *xprt = rqstp->rq_xprt;
721 struct net *net = xprt->xpt_net;
722 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
723
724 switch (rqstp->rq_addr.ss_family) {
725 case AF_INET:
726 sin = svc_addr_in(rqstp);
727 sin6 = &sin6_storage;
728 ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr);
729 break;
730 case AF_INET6:
731 sin6 = svc_addr_in6(rqstp);
732 break;
733 default:
734 BUG();
735 }
736
737 rqstp->rq_client = NULL;
738 if (rqstp->rq_proc == 0)
739 return SVC_OK;
740
741 ipm = ip_map_cached_get(xprt);
742 if (ipm == NULL)
743 ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class,
744 &sin6->sin6_addr);
745
746 if (ipm == NULL)
747 return SVC_DENIED;
748
749 switch (cache_check(sn->ip_map_cache, &ipm->h, &rqstp->rq_chandle)) {
750 default:
751 BUG();
752 case -ETIMEDOUT:
753 return SVC_CLOSE;
754 case -EAGAIN:
755 return SVC_DROP;
756 case -ENOENT:
757 return SVC_DENIED;
758 case 0:
759 rqstp->rq_client = &ipm->m_client->h;
760 kref_get(&rqstp->rq_client->ref);
761 ip_map_cached_put(xprt, ipm);
762 break;
763 }
764
765 gi = unix_gid_find(cred->cr_uid, rqstp);
766 switch (PTR_ERR(gi)) {
767 case -EAGAIN:
768 return SVC_DROP;
769 case -ESHUTDOWN:
770 return SVC_CLOSE;
771 case -ENOENT:
772 break;
773 default:
774 put_group_info(cred->cr_group_info);
775 cred->cr_group_info = gi;
776 }
777 return SVC_OK;
778 }
779
780 EXPORT_SYMBOL_GPL(svcauth_unix_set_client);
781
782 static int
783 svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
784 {
785 struct kvec *argv = &rqstp->rq_arg.head[0];
786 struct kvec *resv = &rqstp->rq_res.head[0];
787 struct svc_cred *cred = &rqstp->rq_cred;
788
789 cred->cr_group_info = NULL;
790 rqstp->rq_client = NULL;
791
792 if (argv->iov_len < 3*4)
793 return SVC_GARBAGE;
794
795 if (svc_getu32(argv) != 0) {
796 dprintk("svc: bad null cred\n");
797 *authp = rpc_autherr_badcred;
798 return SVC_DENIED;
799 }
800 if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
801 dprintk("svc: bad null verf\n");
802 *authp = rpc_autherr_badverf;
803 return SVC_DENIED;
804 }
805
806 /* Signal that mapping to nobody uid/gid is required */
807 cred->cr_uid = (uid_t) -1;
808 cred->cr_gid = (gid_t) -1;
809 cred->cr_group_info = groups_alloc(0);
810 if (cred->cr_group_info == NULL)
811 return SVC_CLOSE; /* kmalloc failure - client must retry */
812
813 /* Put NULL verifier */
814 svc_putnl(resv, RPC_AUTH_NULL);
815 svc_putnl(resv, 0);
816
817 rqstp->rq_flavor = RPC_AUTH_NULL;
818 return SVC_OK;
819 }
820
821 static int
822 svcauth_null_release(struct svc_rqst *rqstp)
823 {
824 if (rqstp->rq_client)
825 auth_domain_put(rqstp->rq_client);
826 rqstp->rq_client = NULL;
827 if (rqstp->rq_cred.cr_group_info)
828 put_group_info(rqstp->rq_cred.cr_group_info);
829 rqstp->rq_cred.cr_group_info = NULL;
830
831 return 0; /* don't drop */
832 }
833
834
835 struct auth_ops svcauth_null = {
836 .name = "null",
837 .owner = THIS_MODULE,
838 .flavour = RPC_AUTH_NULL,
839 .accept = svcauth_null_accept,
840 .release = svcauth_null_release,
841 .set_client = svcauth_unix_set_client,
842 };
843
844
845 static int
846 svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
847 {
848 struct kvec *argv = &rqstp->rq_arg.head[0];
849 struct kvec *resv = &rqstp->rq_res.head[0];
850 struct svc_cred *cred = &rqstp->rq_cred;
851 u32 slen, i;
852 int len = argv->iov_len;
853
854 cred->cr_group_info = NULL;
855 rqstp->rq_client = NULL;
856
857 if ((len -= 3*4) < 0)
858 return SVC_GARBAGE;
859
860 svc_getu32(argv); /* length */
861 svc_getu32(argv); /* time stamp */
862 slen = XDR_QUADLEN(svc_getnl(argv)); /* machname length */
863 if (slen > 64 || (len -= (slen + 3)*4) < 0)
864 goto badcred;
865 argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
866 argv->iov_len -= slen*4;
867
868 cred->cr_uid = svc_getnl(argv); /* uid */
869 cred->cr_gid = svc_getnl(argv); /* gid */
870 slen = svc_getnl(argv); /* gids length */
871 if (slen > 16 || (len -= (slen + 2)*4) < 0)
872 goto badcred;
873 cred->cr_group_info = groups_alloc(slen);
874 if (cred->cr_group_info == NULL)
875 return SVC_CLOSE;
876 for (i = 0; i < slen; i++)
877 GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv);
878 if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
879 *authp = rpc_autherr_badverf;
880 return SVC_DENIED;
881 }
882
883 /* Put NULL verifier */
884 svc_putnl(resv, RPC_AUTH_NULL);
885 svc_putnl(resv, 0);
886
887 rqstp->rq_flavor = RPC_AUTH_UNIX;
888 return SVC_OK;
889
890 badcred:
891 *authp = rpc_autherr_badcred;
892 return SVC_DENIED;
893 }
894
895 static int
896 svcauth_unix_release(struct svc_rqst *rqstp)
897 {
898 /* Verifier (such as it is) is already in place.
899 */
900 if (rqstp->rq_client)
901 auth_domain_put(rqstp->rq_client);
902 rqstp->rq_client = NULL;
903 if (rqstp->rq_cred.cr_group_info)
904 put_group_info(rqstp->rq_cred.cr_group_info);
905 rqstp->rq_cred.cr_group_info = NULL;
906
907 return 0;
908 }
909
910
911 struct auth_ops svcauth_unix = {
912 .name = "unix",
913 .owner = THIS_MODULE,
914 .flavour = RPC_AUTH_UNIX,
915 .accept = svcauth_unix_accept,
916 .release = svcauth_unix_release,
917 .domain_release = svcauth_unix_domain_release,
918 .set_client = svcauth_unix_set_client,
919 };
920
921 int ip_map_cache_create(struct net *net)
922 {
923 int err = -ENOMEM;
924 struct cache_detail *cd;
925 struct cache_head **tbl;
926 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
927
928 cd = kzalloc(sizeof(struct cache_detail), GFP_KERNEL);
929 if (cd == NULL)
930 goto err_cd;
931
932 tbl = kzalloc(IP_HASHMAX * sizeof(struct cache_head *), GFP_KERNEL);
933 if (tbl == NULL)
934 goto err_tbl;
935
936 cd->owner = THIS_MODULE,
937 cd->hash_size = IP_HASHMAX,
938 cd->hash_table = tbl,
939 cd->name = "auth.unix.ip",
940 cd->cache_put = ip_map_put,
941 cd->cache_upcall = ip_map_upcall,
942 cd->cache_parse = ip_map_parse,
943 cd->cache_show = ip_map_show,
944 cd->match = ip_map_match,
945 cd->init = ip_map_init,
946 cd->update = update,
947 cd->alloc = ip_map_alloc,
948
949 err = cache_register_net(cd, net);
950 if (err)
951 goto err_reg;
952
953 sn->ip_map_cache = cd;
954 return 0;
955
956 err_reg:
957 kfree(tbl);
958 err_tbl:
959 kfree(cd);
960 err_cd:
961 return err;
962 }
963
964 void ip_map_cache_destroy(struct net *net)
965 {
966 struct sunrpc_net *sn;
967
968 sn = net_generic(net, sunrpc_net_id);
969 cache_purge(sn->ip_map_cache);
970 cache_unregister_net(sn->ip_map_cache, net);
971 kfree(sn->ip_map_cache->hash_table);
972 kfree(sn->ip_map_cache);
973 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree