2 * linux/net/sunrpc/auth_unix.c
4 * UNIX-style authentication; no AUTH_SHORT support
6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
9 #include <linux/types.h>
10 #include <linux/sched.h>
11 #include <linux/module.h>
12 #include <linux/sunrpc/clnt.h>
13 #include <linux/sunrpc/auth.h>
15 #define NFS_NGROUPS 16
18 struct rpc_cred uc_base
;
20 gid_t uc_gids
[NFS_NGROUPS
];
22 #define uc_uid uc_base.cr_uid
24 #define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))
27 # define RPCDBG_FACILITY RPCDBG_AUTH
30 static struct rpc_auth unix_auth
;
31 static struct rpc_cred_cache unix_cred_cache
;
32 static const struct rpc_credops unix_credops
;
34 static struct rpc_auth
*
35 unx_create(struct rpc_clnt
*clnt
, rpc_authflavor_t flavor
)
37 dprintk("RPC: creating UNIX authenticator for client %p\n",
39 atomic_inc(&unix_auth
.au_count
);
44 unx_destroy(struct rpc_auth
*auth
)
46 dprintk("RPC: destroying UNIX authenticator %p\n", auth
);
47 rpcauth_clear_credcache(auth
->au_credcache
);
51 * Lookup AUTH_UNIX creds for current process
53 static struct rpc_cred
*
54 unx_lookup_cred(struct rpc_auth
*auth
, struct auth_cred
*acred
, int flags
)
56 return rpcauth_lookup_credcache(auth
, acred
, flags
);
59 static struct rpc_cred
*
60 unx_create_cred(struct rpc_auth
*auth
, struct auth_cred
*acred
, int flags
)
62 struct unx_cred
*cred
;
65 dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
66 acred
->uid
, acred
->gid
);
68 if (!(cred
= kmalloc(sizeof(*cred
), GFP_KERNEL
)))
69 return ERR_PTR(-ENOMEM
);
71 rpcauth_init_cred(&cred
->uc_base
, acred
, auth
, &unix_credops
);
72 cred
->uc_base
.cr_flags
= 1UL << RPCAUTH_CRED_UPTODATE
;
73 if (flags
& RPCAUTH_LOOKUP_ROOTCREDS
) {
76 cred
->uc_gids
[0] = NOGROUP
;
78 int groups
= acred
->group_info
->ngroups
;
79 if (groups
> NFS_NGROUPS
)
82 cred
->uc_gid
= acred
->gid
;
83 for (i
= 0; i
< groups
; i
++)
84 cred
->uc_gids
[i
] = GROUP_AT(acred
->group_info
, i
);
86 cred
->uc_gids
[i
] = NOGROUP
;
89 return &cred
->uc_base
;
93 unx_free_cred(struct unx_cred
*unx_cred
)
95 dprintk("RPC: unx_free_cred %p\n", unx_cred
);
100 unx_free_cred_callback(struct rcu_head
*head
)
102 struct unx_cred
*unx_cred
= container_of(head
, struct unx_cred
, uc_base
.cr_rcu
);
103 unx_free_cred(unx_cred
);
107 unx_destroy_cred(struct rpc_cred
*cred
)
109 call_rcu(&cred
->cr_rcu
, unx_free_cred_callback
);
113 * Match credentials against current process creds.
114 * The root_override argument takes care of cases where the caller may
115 * request root creds (e.g. for NFS swapping).
118 unx_match(struct auth_cred
*acred
, struct rpc_cred
*rcred
, int flags
)
120 struct unx_cred
*cred
= container_of(rcred
, struct unx_cred
, uc_base
);
123 if (!(flags
& RPCAUTH_LOOKUP_ROOTCREDS
)) {
126 if (cred
->uc_uid
!= acred
->uid
127 || cred
->uc_gid
!= acred
->gid
)
130 groups
= acred
->group_info
->ngroups
;
131 if (groups
> NFS_NGROUPS
)
132 groups
= NFS_NGROUPS
;
133 for (i
= 0; i
< groups
; i
++)
134 if (cred
->uc_gids
[i
] != GROUP_AT(acred
->group_info
, i
))
138 return (cred
->uc_uid
== 0
140 && cred
->uc_gids
[0] == (gid_t
) NOGROUP
);
144 * Marshal credentials.
145 * Maybe we should keep a cached credential for performance reasons.
148 unx_marshal(struct rpc_task
*task
, __be32
*p
)
150 struct rpc_clnt
*clnt
= task
->tk_client
;
151 struct unx_cred
*cred
= container_of(task
->tk_msg
.rpc_cred
, struct unx_cred
, uc_base
);
155 *p
++ = htonl(RPC_AUTH_UNIX
);
157 *p
++ = htonl(jiffies
/HZ
);
160 * Copy the UTS nodename captured when the client was created.
162 p
= xdr_encode_array(p
, clnt
->cl_nodename
, clnt
->cl_nodelen
);
164 *p
++ = htonl((u32
) cred
->uc_uid
);
165 *p
++ = htonl((u32
) cred
->uc_gid
);
167 for (i
= 0; i
< 16 && cred
->uc_gids
[i
] != (gid_t
) NOGROUP
; i
++)
168 *p
++ = htonl((u32
) cred
->uc_gids
[i
]);
169 *hold
= htonl(p
- hold
- 1); /* gid array length */
170 *base
= htonl((p
- base
- 1) << 2); /* cred length */
172 *p
++ = htonl(RPC_AUTH_NULL
);
179 * Refresh credentials. This is a no-op for AUTH_UNIX
182 unx_refresh(struct rpc_task
*task
)
184 set_bit(RPCAUTH_CRED_UPTODATE
, &task
->tk_msg
.rpc_cred
->cr_flags
);
189 unx_validate(struct rpc_task
*task
, __be32
*p
)
191 rpc_authflavor_t flavor
;
194 flavor
= ntohl(*p
++);
195 if (flavor
!= RPC_AUTH_NULL
&&
196 flavor
!= RPC_AUTH_UNIX
&&
197 flavor
!= RPC_AUTH_SHORT
) {
198 printk("RPC: bad verf flavor: %u\n", flavor
);
203 if (size
> RPC_MAX_AUTH_SIZE
) {
204 printk("RPC: giant verf size: %u\n", size
);
207 task
->tk_msg
.rpc_cred
->cr_auth
->au_rslack
= (size
>> 2) + 2;
213 void __init
rpc_init_authunix(void)
215 spin_lock_init(&unix_cred_cache
.lock
);
218 const struct rpc_authops authunix_ops
= {
219 .owner
= THIS_MODULE
,
220 .au_flavor
= RPC_AUTH_UNIX
,
224 .create
= unx_create
,
225 .destroy
= unx_destroy
,
226 .lookup_cred
= unx_lookup_cred
,
227 .crcreate
= unx_create_cred
,
231 struct rpc_cred_cache unix_cred_cache
= {
235 struct rpc_auth unix_auth
= {
236 .au_cslack
= UNX_WRITESLACK
,
237 .au_rslack
= 2, /* assume AUTH_NULL verf */
238 .au_ops
= &authunix_ops
,
239 .au_flavor
= RPC_AUTH_UNIX
,
240 .au_count
= ATOMIC_INIT(0),
241 .au_credcache
= &unix_cred_cache
,
245 const struct rpc_credops unix_credops
= {
246 .cr_name
= "AUTH_UNIX",
247 .crdestroy
= unx_destroy_cred
,
248 .crmatch
= unx_match
,
249 .crmarshal
= unx_marshal
,
250 .crrefresh
= unx_refresh
,
251 .crvalidate
= unx_validate
,