]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blame - net/sunrpc/auth.c
projects / mirror_ubuntu-eoan-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'omap-for-v5.0/fixes-rc7-signed' of git://git.kernel.org/pub/scm/linux...
[mirror_ubuntu-eoan-kernel.git] / net / sunrpc / auth.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/net/sunrpc/auth.c
3 *
4 * Generic RPC client authentication API.
5 *
6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
7 */
8
9#include <linux/types.h>
10#include <linux/sched.h>
5b825c3a 11#include <linux/cred.h>
1da177e4
LT		 12#include <linux/module.h>
13#include <linux/slab.h>
14#include <linux/errno.h>
25337fdc 15#include <linux/hash.h>
1da177e4 16#include <linux/sunrpc/clnt.h>
6a1a1e34 17#include <linux/sunrpc/gss_api.h>
1da177e4
LT		 18#include <linux/spinlock.h>
19
f895b252 20#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
1da177e4
LT		 21# define RPCDBG_FACILITY RPCDBG_AUTH
22#endif
23
241269bd
TM		 24#define RPC_CREDCACHE_DEFAULT_HASHBITS (4)
25struct rpc_cred_cache {
26 struct hlist_head *hashtable;
27 unsigned int hashbits;
28 spinlock_t lock;
29};
30
31static unsigned int auth_hashbits = RPC_CREDCACHE_DEFAULT_HASHBITS;
32
4e4c3bef
TM		 33static const struct rpc_authops __rcu *auth_flavors[RPC_AUTH_MAXFLAVOR] = {
34 [RPC_AUTH_NULL] = (const struct rpc_authops __force __rcu *)&authnull_ops,
35 [RPC_AUTH_UNIX] = (const struct rpc_authops __force __rcu *)&authunix_ops,
1da177e4
LT		 36 NULL, /* others can be loadable modules */
37};
38
e092bdcd 39static LIST_HEAD(cred_unused);
f5c2187c 40static unsigned long number_cred_unused;
e092bdcd 41
a52458b4
N		 42static struct cred machine_cred = {
43 .usage = ATOMIC_INIT(1),
e7f45099
S		 44#ifdef CONFIG_DEBUG_CREDENTIALS
45 .magic = CRED_MAGIC,
46#endif
5e16923b
N		 47};
48
49/*
50 * Return the machine_cred pointer to be used whenever
51 * the a generic machine credential is needed.
52 */
a52458b4 53const struct cred *rpc_machine_cred(void)
5e16923b
N		 54{
55 return &machine_cred;
56}
57EXPORT_SYMBOL_GPL(rpc_machine_cred);
58
db5fe265 59#define MAX_HASHTABLE_BITS (14)
8e4e15d4 60static int param_set_hashtbl_sz(const char *val, const struct kernel_param *kp)
241269bd
TM		 61{
62 unsigned long num;
63 unsigned int nbits;
64 int ret;
65
66 if (!val)
67 goto out_inval;
00cfaa94 68 ret = kstrtoul(val, 0, &num);
1a54c0cf 69 if (ret)
241269bd 70 goto out_inval;
34ae685c 71 nbits = fls(num - 1);
241269bd
TM		 72 if (nbits > MAX_HASHTABLE_BITS || nbits < 2)
73 goto out_inval;
74 *(unsigned int *)kp->arg = nbits;
75 return 0;
76out_inval:
77 return -EINVAL;
78}
79
8e4e15d4 80static int param_get_hashtbl_sz(char *buffer, const struct kernel_param *kp)
241269bd
TM		 81{
82 unsigned int nbits;
83
84 nbits = *(unsigned int *)kp->arg;
85 return sprintf(buffer, "%u", 1U << nbits);
86}
87
88#define param_check_hashtbl_sz(name, p) __param_check(name, p, unsigned int);
89
9c27847d 90static const struct kernel_param_ops param_ops_hashtbl_sz = {
8e4e15d4
SR		 91 .set = param_set_hashtbl_sz,
92 .get = param_get_hashtbl_sz,
93};
94
241269bd
TM		 95module_param_named(auth_hashtable_size, auth_hashbits, hashtbl_sz, 0644);
96MODULE_PARM_DESC(auth_hashtable_size, "RPC credential cache hashtable size");
97
bae6746f
TM		 98static unsigned long auth_max_cred_cachesize = ULONG_MAX;
99module_param(auth_max_cred_cachesize, ulong, 0644);
100MODULE_PARM_DESC(auth_max_cred_cachesize, "RPC credential maximum total cache size");
101
1da177e4
LT		 102static u32
103pseudoflavor_to_flavor(u32 flavor) {
1c74a244 104 if (flavor > RPC_AUTH_MAXFLAVOR)
1da177e4
LT		 105 return RPC_AUTH_GSS;
106 return flavor;
107}
108
109int
f1c0a861 110rpcauth_register(const struct rpc_authops *ops)
1da177e4 111{
4e4c3bef 112 const struct rpc_authops *old;
1da177e4
LT		 113 rpc_authflavor_t flavor;
114
115 if ((flavor = ops->au_flavor) >= RPC_AUTH_MAXFLAVOR)
116 return -EINVAL;
4e4c3bef
TM		 117 old = cmpxchg((const struct rpc_authops ** __force)&auth_flavors[flavor], NULL, ops);
118 if (old == NULL || old == ops)
119 return 0;
120 return -EPERM;
1da177e4 121}
e8914c65 122EXPORT_SYMBOL_GPL(rpcauth_register);
1da177e4
LT		 123
124int
f1c0a861 125rpcauth_unregister(const struct rpc_authops *ops)
1da177e4 126{
4e4c3bef 127 const struct rpc_authops *old;
1da177e4
LT		 128 rpc_authflavor_t flavor;
129
130 if ((flavor = ops->au_flavor) >= RPC_AUTH_MAXFLAVOR)
131 return -EINVAL;
4e4c3bef
TM		 132
133 old = cmpxchg((const struct rpc_authops ** __force)&auth_flavors[flavor], ops, NULL);
134 if (old == ops || old == NULL)
135 return 0;
136 return -EPERM;
1da177e4 137}
e8914c65 138EXPORT_SYMBOL_GPL(rpcauth_unregister);
1da177e4 139
4e4c3bef
TM		 140static const struct rpc_authops *
141rpcauth_get_authops(rpc_authflavor_t flavor)
142{
143 const struct rpc_authops *ops;
144
145 if (flavor >= RPC_AUTH_MAXFLAVOR)
146 return NULL;
147
148 rcu_read_lock();
149 ops = rcu_dereference(auth_flavors[flavor]);
150 if (ops == NULL) {
151 rcu_read_unlock();
152 request_module("rpc-auth-%u", flavor);
153 rcu_read_lock();
154 ops = rcu_dereference(auth_flavors[flavor]);
155 if (ops == NULL)
156 goto out;
157 }
158 if (!try_module_get(ops->owner))
159 ops = NULL;
160out:
161 rcu_read_unlock();
162 return ops;
163}
164
165static void
166rpcauth_put_authops(const struct rpc_authops *ops)
167{
168 module_put(ops->owner);
169}
170
9568c5e9
CL		 171/**
172 * rpcauth_get_pseudoflavor - check if security flavor is supported
173 * @flavor: a security flavor
174 * @info: a GSS mech OID, quality of protection, and service value
175 *
176 * Verifies that an appropriate kernel module is available or already loaded.
177 * Returns an equivalent pseudoflavor, or RPC_AUTH_MAXFLAVOR if "flavor" is
178 * not supported locally.
179 */
180rpc_authflavor_t
181rpcauth_get_pseudoflavor(rpc_authflavor_t flavor, struct rpcsec_gss_info *info)
182{
4e4c3bef 183 const struct rpc_authops *ops = rpcauth_get_authops(flavor);
9568c5e9
CL		 184 rpc_authflavor_t pseudoflavor;
185
4e4c3bef 186 if (!ops)
9568c5e9 187 return RPC_AUTH_MAXFLAVOR;
9568c5e9
CL		 188 pseudoflavor = flavor;
189 if (ops->info2flavor != NULL)
190 pseudoflavor = ops->info2flavor(info);
191
4e4c3bef 192 rpcauth_put_authops(ops);
9568c5e9
CL		 193 return pseudoflavor;
194}
195EXPORT_SYMBOL_GPL(rpcauth_get_pseudoflavor);
196
a77c806f
CL		 197/**
198 * rpcauth_get_gssinfo - find GSS tuple matching a GSS pseudoflavor
199 * @pseudoflavor: GSS pseudoflavor to match
200 * @info: rpcsec_gss_info structure to fill in
201 *
202 * Returns zero and fills in "info" if pseudoflavor matches a
203 * supported mechanism.
204 */
205int
206rpcauth_get_gssinfo(rpc_authflavor_t pseudoflavor, struct rpcsec_gss_info *info)
207{
208 rpc_authflavor_t flavor = pseudoflavor_to_flavor(pseudoflavor);
209 const struct rpc_authops *ops;
210 int result;
211
4e4c3bef 212 ops = rpcauth_get_authops(flavor);
a77c806f 213 if (ops == NULL)
a77c806f 214 return -ENOENT;
a77c806f
CL		 215
216 result = -ENOENT;
217 if (ops->flavor2info != NULL)
218 result = ops->flavor2info(pseudoflavor, info);
219
4e4c3bef 220 rpcauth_put_authops(ops);
a77c806f
CL		 221 return result;
222}
223EXPORT_SYMBOL_GPL(rpcauth_get_gssinfo);
224
6a1a1e34
CL		 225/**
226 * rpcauth_list_flavors - discover registered flavors and pseudoflavors
227 * @array: array to fill in
228 * @size: size of "array"
229 *
230 * Returns the number of array items filled in, or a negative errno.
231 *
232 * The returned array is not sorted by any policy. Callers should not
233 * rely on the order of the items in the returned array.
234 */
235int
236rpcauth_list_flavors(rpc_authflavor_t *array, int size)
237{
4e4c3bef
TM		 238 const struct rpc_authops *ops;
239 rpc_authflavor_t flavor, pseudos[4];
240 int i, len, result = 0;
6a1a1e34 241
4e4c3bef 242 rcu_read_lock();
6a1a1e34 243 for (flavor = 0; flavor < RPC_AUTH_MAXFLAVOR; flavor++) {
4e4c3bef 244 ops = rcu_dereference(auth_flavors[flavor]);
6a1a1e34
CL		 245 if (result >= size) {
246 result = -ENOMEM;
247 break;
248 }
249
250 if (ops == NULL)
251 continue;
252 if (ops->list_pseudoflavors == NULL) {
253 array[result++] = ops->au_flavor;
254 continue;
255 }
256 len = ops->list_pseudoflavors(pseudos, ARRAY_SIZE(pseudos));
257 if (len < 0) {
258 result = len;
259 break;
260 }
261 for (i = 0; i < len; i++) {
262 if (result >= size) {
263 result = -ENOMEM;
264 break;
265 }
266 array[result++] = pseudos[i];
267 }
268 }
4e4c3bef 269 rcu_read_unlock();
6a1a1e34
CL		 270
271 dprintk("RPC: %s returns %d\n", __func__, result);
272 return result;
273}
274EXPORT_SYMBOL_GPL(rpcauth_list_flavors);
275
1da177e4 276struct rpc_auth *
82b98ca5 277rpcauth_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1da177e4 278{
4e4c3bef 279 struct rpc_auth *auth = ERR_PTR(-EINVAL);
f1c0a861 280 const struct rpc_authops *ops;
4e4c3bef 281 u32 flavor = pseudoflavor_to_flavor(args->pseudoflavor);
1da177e4 282
4e4c3bef
TM		 283 ops = rpcauth_get_authops(flavor);
284 if (ops == NULL)
f344f6df
OK		 285 goto out;
286
c2190661 287 auth = ops->create(args, clnt);
4e4c3bef
TM		 288
289 rpcauth_put_authops(ops);
6a19275a
BF		 290 if (IS_ERR(auth))
291 return auth;
1da177e4 292 if (clnt->cl_auth)
de7a8ce3 293 rpcauth_release(clnt->cl_auth);
1da177e4 294 clnt->cl_auth = auth;
f344f6df
OK		 295
296out:
1da177e4
LT		 297 return auth;
298}
e8914c65 299EXPORT_SYMBOL_GPL(rpcauth_create);
1da177e4
LT		 300
301void
de7a8ce3 302rpcauth_release(struct rpc_auth *auth)
1da177e4 303{
331bc71c 304 if (!refcount_dec_and_test(&auth->au_count))
1da177e4
LT		 305 return;
306 auth->au_ops->destroy(auth);
307}
308
309static DEFINE_SPINLOCK(rpc_credcache_lock);
310
95cd6232
TM		 311/*
312 * On success, the caller is responsible for freeing the reference
313 * held by the hashtable
314 */
315static bool
31be5bf1
TM		 316rpcauth_unhash_cred_locked(struct rpc_cred *cred)
317{
95cd6232
TM		 318 if (!test_and_clear_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags))
319 return false;
31be5bf1 320 hlist_del_rcu(&cred->cr_hash);
95cd6232 321 return true;
31be5bf1
TM		 322}
323
95cd6232 324static bool
9499b434
TM		 325rpcauth_unhash_cred(struct rpc_cred *cred)
326{
327 spinlock_t *cache_lock;
95cd6232 328 bool ret;
9499b434 329
95cd6232
TM		 330 if (!test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags))
331 return false;
9499b434
TM		 332 cache_lock = &cred->cr_auth->au_credcache->lock;
333 spin_lock(cache_lock);
95cd6232 334 ret = rpcauth_unhash_cred_locked(cred);
9499b434 335 spin_unlock(cache_lock);
f0380f3d 336 return ret;
9499b434
TM		 337}
338
1da177e4
LT		 339/*
340 * Initialize RPC credential cache
341 */
342int
f5c2187c 343rpcauth_init_credcache(struct rpc_auth *auth)
1da177e4
LT		 344{
345 struct rpc_cred_cache *new;
988664a0 346 unsigned int hashsize;
1da177e4 347
8b3a7005 348 new = kmalloc(sizeof(*new), GFP_KERNEL);
1da177e4 349 if (!new)
241269bd
TM		 350 goto out_nocache;
351 new->hashbits = auth_hashbits;
988664a0 352 hashsize = 1U << new->hashbits;
241269bd
TM		 353 new->hashtable = kcalloc(hashsize, sizeof(new->hashtable[0]), GFP_KERNEL);
354 if (!new->hashtable)
355 goto out_nohashtbl;
9499b434 356 spin_lock_init(&new->lock);
1da177e4
LT		 357 auth->au_credcache = new;
358 return 0;
241269bd
TM		 359out_nohashtbl:
360 kfree(new);
361out_nocache:
362 return -ENOMEM;
1da177e4 363}
e8914c65 364EXPORT_SYMBOL_GPL(rpcauth_init_credcache);
1da177e4 365
a0337d1d
JL		 366char *
367rpcauth_stringify_acceptor(struct rpc_cred *cred)
368{
369 if (!cred->cr_ops->crstringify_acceptor)
370 return NULL;
371 return cred->cr_ops->crstringify_acceptor(cred);
372}
373EXPORT_SYMBOL_GPL(rpcauth_stringify_acceptor);
374
1da177e4
LT		 375/*
376 * Destroy a list of credentials
377 */
378static inline
e092bdcd 379void rpcauth_destroy_credlist(struct list_head *head)
1da177e4
LT		 380{
381 struct rpc_cred *cred;
382
e092bdcd
TM		 383 while (!list_empty(head)) {
384 cred = list_entry(head->next, struct rpc_cred, cr_lru);
385 list_del_init(&cred->cr_lru);
1da177e4
LT		 386 put_rpccred(cred);
387 }
388}
389
95cd6232
TM		 390static void
391rpcauth_lru_add_locked(struct rpc_cred *cred)
392{
393 if (!list_empty(&cred->cr_lru))
394 return;
395 number_cred_unused++;
396 list_add_tail(&cred->cr_lru, &cred_unused);
397}
398
399static void
400rpcauth_lru_add(struct rpc_cred *cred)
401{
402 if (!list_empty(&cred->cr_lru))
403 return;
404 spin_lock(&rpc_credcache_lock);
405 rpcauth_lru_add_locked(cred);
406 spin_unlock(&rpc_credcache_lock);
407}
408
409static void
410rpcauth_lru_remove_locked(struct rpc_cred *cred)
411{
412 if (list_empty(&cred->cr_lru))
413 return;
414 number_cred_unused--;
415 list_del_init(&cred->cr_lru);
416}
417
418static void
419rpcauth_lru_remove(struct rpc_cred *cred)
420{
421 if (list_empty(&cred->cr_lru))
422 return;
423 spin_lock(&rpc_credcache_lock);
424 rpcauth_lru_remove_locked(cred);
425 spin_unlock(&rpc_credcache_lock);
426}
427
1da177e4
LT		 428/*
429 * Clear the RPC credential cache, and delete those credentials
430 * that are not referenced.
431 */
432void
3ab9bb72 433rpcauth_clear_credcache(struct rpc_cred_cache *cache)
1da177e4 434{
e092bdcd
TM		 435 LIST_HEAD(free);
436 struct hlist_head *head;
1da177e4 437 struct rpc_cred *cred;
988664a0 438 unsigned int hashsize = 1U << cache->hashbits;
1da177e4
LT		 439 int i;
440
441 spin_lock(&rpc_credcache_lock);
9499b434 442 spin_lock(&cache->lock);
988664a0 443 for (i = 0; i < hashsize; i++) {
e092bdcd
TM		 444 head = &cache->hashtable[i];
445 while (!hlist_empty(head)) {
446 cred = hlist_entry(head->first, struct rpc_cred, cr_hash);
31be5bf1 447 rpcauth_unhash_cred_locked(cred);
95cd6232
TM		 448 /* Note: We now hold a reference to cred */
449 rpcauth_lru_remove_locked(cred);
450 list_add_tail(&cred->cr_lru, &free);
1da177e4
LT		 451 }
452 }
9499b434 453 spin_unlock(&cache->lock);
1da177e4
LT		 454 spin_unlock(&rpc_credcache_lock);
455 rpcauth_destroy_credlist(&free);
456}
457
3ab9bb72
TM		 458/*
459 * Destroy the RPC credential cache
460 */
461void
462rpcauth_destroy_credcache(struct rpc_auth *auth)
463{
464 struct rpc_cred_cache *cache = auth->au_credcache;
465
466 if (cache) {
467 auth->au_credcache = NULL;
468 rpcauth_clear_credcache(cache);
241269bd 469 kfree(cache->hashtable);
3ab9bb72
TM		 470 kfree(cache);
471 }
472}
e8914c65 473EXPORT_SYMBOL_GPL(rpcauth_destroy_credcache);
3ab9bb72 474
d2b83141
TM		 475
476#define RPC_AUTH_EXPIRY_MORATORIUM (60 * HZ)
477
e092bdcd
TM		 478/*
479 * Remove stale credentials. Avoid sleeping inside the loop.
480 */
70534a73 481static long
f5c2187c 482rpcauth_prune_expired(struct list_head *free, int nr_to_scan)
1da177e4 483{
eac0d18d 484 struct rpc_cred *cred, *next;
d2b83141 485 unsigned long expired = jiffies - RPC_AUTH_EXPIRY_MORATORIUM;
70534a73 486 long freed = 0;
e092bdcd 487
eac0d18d
TM		 488 list_for_each_entry_safe(cred, next, &cred_unused, cr_lru) {
489
20673406
TM		 490 if (nr_to_scan-- == 0)
491 break;
79b18181 492 if (refcount_read(&cred->cr_count) > 1) {
95cd6232
TM		 493 rpcauth_lru_remove_locked(cred);
494 continue;
495 }
93a05e65
TM		 496 /*
497 * Enforce a 60 second garbage collection moratorium
498 * Note that the cred_unused list must be time-ordered.
499 */
95cd6232
TM		 500 if (!time_in_range(cred->cr_expire, expired, jiffies))
501 continue;
502 if (!rpcauth_unhash_cred(cred))
e092bdcd 503 continue;
eac0d18d 504
95cd6232
TM		 505 rpcauth_lru_remove_locked(cred);
506 freed++;
507 list_add_tail(&cred->cr_lru, free);
1da177e4 508 }
95cd6232 509 return freed ? freed : SHRINK_STOP;
1da177e4
LT		 510}
511
bae6746f
TM		 512static unsigned long
513rpcauth_cache_do_shrink(int nr_to_scan)
514{
515 LIST_HEAD(free);
516 unsigned long freed;
517
518 spin_lock(&rpc_credcache_lock);
519 freed = rpcauth_prune_expired(&free, nr_to_scan);
520 spin_unlock(&rpc_credcache_lock);
521 rpcauth_destroy_credlist(&free);
522
523 return freed;
524}
525
1da177e4 526/*
f5c2187c 527 * Run memory cache shrinker.
1da177e4 528 */
70534a73
DC		 529static unsigned long
530rpcauth_cache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
531
1da177e4 532{
70534a73
DC		 533 if ((sc->gfp_mask & GFP_KERNEL) != GFP_KERNEL)
534 return SHRINK_STOP;
f5c2187c 535
70534a73 536 /* nothing left, don't come back */
f5c2187c 537 if (list_empty(&cred_unused))
70534a73
DC		 538 return SHRINK_STOP;
539
bae6746f 540 return rpcauth_cache_do_shrink(sc->nr_to_scan);
70534a73
DC		 541}
542
543static unsigned long
544rpcauth_cache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
545
546{
4c3ffd05 547 return number_cred_unused * sysctl_vfs_cache_pressure / 100;
1da177e4
LT		 548}
549
bae6746f
TM		 550static void
551rpcauth_cache_enforce_limit(void)
552{
553 unsigned long diff;
554 unsigned int nr_to_scan;
555
556 if (number_cred_unused <= auth_max_cred_cachesize)
557 return;
558 diff = number_cred_unused - auth_max_cred_cachesize;
559 nr_to_scan = 100;
560 if (diff < nr_to_scan)
561 nr_to_scan = diff;
562 rpcauth_cache_do_shrink(nr_to_scan);
563}
564
1da177e4
LT		 565/*
566 * Look up a process' credentials in the authentication cache
567 */
568struct rpc_cred *
569rpcauth_lookup_credcache(struct rpc_auth *auth, struct auth_cred * acred,
3c6e0bc8 570 int flags, gfp_t gfp)
1da177e4 571{
e092bdcd 572 LIST_HEAD(free);
1da177e4 573 struct rpc_cred_cache *cache = auth->au_credcache;
31be5bf1
TM		 574 struct rpc_cred *cred = NULL,
575 *entry, *new;
25337fdc
TM		 576 unsigned int nr;
577
66cbd4ba 578 nr = auth->au_ops->hash_cred(acred, cache->hashbits);
1da177e4 579
31be5bf1 580 rcu_read_lock();
b67bfe0d 581 hlist_for_each_entry_rcu(entry, &cache->hashtable[nr], cr_hash) {
e092bdcd
TM		 582 if (!entry->cr_ops->crmatch(acred, entry, flags))
583 continue;
584 cred = get_rpccred(entry);
07d02a67
TM		 585 if (cred)
586 break;
1da177e4 587 }
31be5bf1
TM		 588 rcu_read_unlock();
589
9499b434 590 if (cred != NULL)
31be5bf1 591 goto found;
1da177e4 592
3c6e0bc8 593 new = auth->au_ops->crcreate(auth, acred, flags, gfp);
31be5bf1
TM		 594 if (IS_ERR(new)) {
595 cred = new;
596 goto out;
597 }
1da177e4 598
9499b434 599 spin_lock(&cache->lock);
b67bfe0d 600 hlist_for_each_entry(entry, &cache->hashtable[nr], cr_hash) {
31be5bf1
TM		 601 if (!entry->cr_ops->crmatch(acred, entry, flags))
602 continue;
603 cred = get_rpccred(entry);
07d02a67
TM		 604 if (cred)
605 break;
31be5bf1
TM		 606 }
607 if (cred == NULL) {
5fe4755e 608 cred = new;
31be5bf1 609 set_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags);
79b18181 610 refcount_inc(&cred->cr_count);
31be5bf1
TM		 611 hlist_add_head_rcu(&cred->cr_hash, &cache->hashtable[nr]);
612 } else
613 list_add_tail(&new->cr_lru, &free);
9499b434 614 spin_unlock(&cache->lock);
bae6746f 615 rpcauth_cache_enforce_limit();
31be5bf1 616found:
f64f9e71
JP		 617 if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
618 cred->cr_ops->cr_init != NULL &&
619 !(flags & RPCAUTH_LOOKUP_NEW)) {
fba3bad4
TM		 620 int res = cred->cr_ops->cr_init(auth, cred);
621 if (res < 0) {
622 put_rpccred(cred);
623 cred = ERR_PTR(res);
624 }
1da177e4 625 }
31be5bf1
TM		 626 rpcauth_destroy_credlist(&free);
627out:
628 return cred;
1da177e4 629}
e8914c65 630EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache);
1da177e4
LT		 631
632struct rpc_cred *
8a317760 633rpcauth_lookupcred(struct rpc_auth *auth, int flags)
1da177e4 634{
86a264ab 635 struct auth_cred acred;
1da177e4 636 struct rpc_cred *ret;
86a264ab 637 const struct cred *cred = current_cred();
1da177e4 638
46121cf7 639 dprintk("RPC: looking up %s cred\n",
1da177e4 640 auth->au_ops->au_name);
86a264ab
DH		 641
642 memset(&acred, 0, sizeof(acred));
97f68c6b 643 acred.cred = cred;
8a317760 644 ret = auth->au_ops->lookup_cred(auth, &acred, flags);
1da177e4
LT		 645 return ret;
646}
66b06860 647EXPORT_SYMBOL_GPL(rpcauth_lookupcred);
1da177e4 648
5fe4755e
TM		 649void
650rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred,
651 struct rpc_auth *auth, const struct rpc_credops *ops)
652{
653 INIT_HLIST_NODE(&cred->cr_hash);
e092bdcd 654 INIT_LIST_HEAD(&cred->cr_lru);
79b18181 655 refcount_set(&cred->cr_count, 1);
5fe4755e 656 cred->cr_auth = auth;
2edd8d74 657 cred->cr_flags = 0;
5fe4755e
TM		 658 cred->cr_ops = ops;
659 cred->cr_expire = jiffies;
97f68c6b 660 cred->cr_cred = get_cred(acred->cred);
5fe4755e 661}
e8914c65 662EXPORT_SYMBOL_GPL(rpcauth_init_cred);
5fe4755e 663
8572b8e2 664static struct rpc_cred *
5d351754 665rpcauth_bind_root_cred(struct rpc_task *task, int lookupflags)
1da177e4 666{
1be27f36 667 struct rpc_auth *auth = task->tk_client->cl_auth;
1da177e4 668 struct auth_cred acred = {
97f68c6b 669 .cred = get_task_cred(&init_task),
1da177e4 670 };
97f68c6b 671 struct rpc_cred *ret;
1da177e4 672
46121cf7 673 dprintk("RPC: %5u looking up %s cred\n",
1be27f36 674 task->tk_pid, task->tk_client->cl_auth->au_ops->au_name);
97f68c6b
N		 675 ret = auth->au_ops->lookup_cred(auth, &acred, lookupflags);
676 put_cred(acred.cred);
677 return ret;
af093835
TM		 678}
679
5e16923b
N		 680static struct rpc_cred *
681rpcauth_bind_machine_cred(struct rpc_task *task, int lookupflags)
682{
683 struct rpc_auth *auth = task->tk_client->cl_auth;
684 struct auth_cred acred = {
685 .principal = task->tk_client->cl_principal,
686 .cred = init_task.cred,
687 };
688
689 if (!acred.principal)
690 return NULL;
691 dprintk("RPC: %5u looking up %s machine cred\n",
692 task->tk_pid, task->tk_client->cl_auth->au_ops->au_name);
693 return auth->au_ops->lookup_cred(auth, &acred, lookupflags);
694}
695
8572b8e2 696static struct rpc_cred *
5d351754 697rpcauth_bind_new_cred(struct rpc_task *task, int lookupflags)
af093835
TM		 698{
699 struct rpc_auth *auth = task->tk_client->cl_auth;
af093835
TM		 700
701 dprintk("RPC: %5u looking up %s cred\n",
702 task->tk_pid, auth->au_ops->au_name);
8572b8e2 703 return rpcauth_lookupcred(auth, lookupflags);
1da177e4
LT		 704}
705
a17c2153 706static int
a52458b4 707rpcauth_bindcred(struct rpc_task *task, const struct cred *cred, int flags)
1da177e4 708{
a17c2153 709 struct rpc_rqst *req = task->tk_rqstp;
5e16923b 710 struct rpc_cred *new = NULL;
5d351754 711 int lookupflags = 0;
a52458b4
N		 712 struct rpc_auth *auth = task->tk_client->cl_auth;
713 struct auth_cred acred = {
714 .cred = cred,
715 };
5d351754
TM		 716
717 if (flags & RPC_TASK_ASYNC)
718 lookupflags |= RPCAUTH_LOOKUP_NEW;
1de7eea9
N		 719 if (task->tk_op_cred)
720 /* Task must use exactly this rpc_cred */
d6efccd9 721 new = get_rpccred(task->tk_op_cred);
1de7eea9 722 else if (cred != NULL && cred != &machine_cred)
a52458b4 723 new = auth->au_ops->lookup_cred(auth, &acred, lookupflags);
5e16923b
N		 724 else if (cred == &machine_cred)
725 new = rpcauth_bind_machine_cred(task, lookupflags);
726
727 /* If machine cred couldn't be bound, try a root cred */
728 if (new)
729 ;
730 else if (cred == &machine_cred || (flags & RPC_TASK_ROOTCREDS))
8572b8e2 731 new = rpcauth_bind_root_cred(task, lookupflags);
a68a72e1
N		 732 else if (flags & RPC_TASK_NULLCREDS)
733 new = authnull_ops.lookup_cred(NULL, NULL, 0);
4ccda2cd 734 else
8572b8e2
TM		 735 new = rpcauth_bind_new_cred(task, lookupflags);
736 if (IS_ERR(new))
737 return PTR_ERR(new);
9a8f6b5e 738 put_rpccred(req->rq_cred);
a17c2153 739 req->rq_cred = new;
8572b8e2 740 return 0;
1da177e4
LT		 741}
742
743void
744put_rpccred(struct rpc_cred *cred)
745{
9a8f6b5e
TM		 746 if (cred == NULL)
747 return;
95cd6232 748 rcu_read_lock();
79b18181 749 if (refcount_dec_and_test(&cred->cr_count))
95cd6232 750 goto destroy;
79b18181 751 if (refcount_read(&cred->cr_count) != 1 ||
95cd6232
TM		 752 !test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags))
753 goto out;
754 if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0) {
755 cred->cr_expire = jiffies;
756 rpcauth_lru_add(cred);
757 /* Race breaker */
758 if (unlikely(!test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags)))
759 rpcauth_lru_remove(cred);
760 } else if (rpcauth_unhash_cred(cred)) {
761 rpcauth_lru_remove(cred);
79b18181 762 if (refcount_dec_and_test(&cred->cr_count))
95cd6232 763 goto destroy;
e092bdcd 764 }
95cd6232
TM		 765out:
766 rcu_read_unlock();
f0380f3d 767 return;
95cd6232
TM		 768destroy:
769 rcu_read_unlock();
770 cred->cr_ops->crdestroy(cred);
1da177e4 771}
e8914c65 772EXPORT_SYMBOL_GPL(put_rpccred);
1da177e4 773
d8ed029d
AD		 774__be32 *
775rpcauth_marshcred(struct rpc_task *task, __be32 *p)
1da177e4 776{
a17c2153 777 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1da177e4 778
46121cf7 779 dprintk("RPC: %5u marshaling %s cred %p\n",
1be27f36 780 task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
0bbacc40 781
1da177e4
LT		 782 return cred->cr_ops->crmarshal(task, p);
783}
784
d8ed029d
AD		 785__be32 *
786rpcauth_checkverf(struct rpc_task *task, __be32 *p)
1da177e4 787{
a17c2153 788 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1da177e4 789
46121cf7 790 dprintk("RPC: %5u validating %s cred %p\n",
1be27f36 791 task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
0bbacc40 792
1da177e4
LT		 793 return cred->cr_ops->crvalidate(task, p);
794}
795
9f06c719
CL		 796static void rpcauth_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
797 __be32 *data, void *obj)
798{
799 struct xdr_stream xdr;
800
801 xdr_init_encode(&xdr, &rqstp->rq_snd_buf, data);
802 encode(rqstp, &xdr, obj);
803}
804
1da177e4 805int
9f06c719 806rpcauth_wrap_req(struct rpc_task *task, kxdreproc_t encode, void *rqstp,
d8ed029d 807 __be32 *data, void *obj)
1da177e4 808{
a17c2153 809 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1da177e4 810
46121cf7 811 dprintk("RPC: %5u using %s cred %p to wrap rpc data\n",
1da177e4
LT		 812 task->tk_pid, cred->cr_ops->cr_name, cred);
813 if (cred->cr_ops->crwrap_req)
814 return cred->cr_ops->crwrap_req(task, encode, rqstp, data, obj);
815 /* By default, we encode the arguments normally. */
9f06c719
CL		 816 rpcauth_wrap_req_encode(encode, rqstp, data, obj);
817 return 0;
1da177e4
LT		 818}
819
bf269551
CL		 820static int
821rpcauth_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
822 __be32 *data, void *obj)
823{
824 struct xdr_stream xdr;
825
826 xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, data);
827 return decode(rqstp, &xdr, obj);
828}
829
1da177e4 830int
bf269551 831rpcauth_unwrap_resp(struct rpc_task *task, kxdrdproc_t decode, void *rqstp,
d8ed029d 832 __be32 *data, void *obj)
1da177e4 833{
a17c2153 834 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1da177e4 835
46121cf7 836 dprintk("RPC: %5u using %s cred %p to unwrap rpc data\n",
1da177e4
LT		 837 task->tk_pid, cred->cr_ops->cr_name, cred);
838 if (cred->cr_ops->crunwrap_resp)
839 return cred->cr_ops->crunwrap_resp(task, decode, rqstp,
840 data, obj);
841 /* By default, we decode the arguments normally. */
bf269551 842 return rpcauth_unwrap_req_decode(decode, rqstp, data, obj);
1da177e4
LT		 843}
844
3021a5bb
TM		 845bool
846rpcauth_xmit_need_reencode(struct rpc_task *task)
847{
848 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
849
850 if (!cred || !cred->cr_ops->crneed_reencode)
851 return false;
852 return cred->cr_ops->crneed_reencode(task);
853}
854
1da177e4
LT		 855int
856rpcauth_refreshcred(struct rpc_task *task)
857{
9a84d380 858 struct rpc_cred *cred;
1da177e4
LT		 859 int err;
860
a17c2153
TM		 861 cred = task->tk_rqstp->rq_cred;
862 if (cred == NULL) {
863 err = rpcauth_bindcred(task, task->tk_msg.rpc_cred, task->tk_flags);
864 if (err < 0)
865 goto out;
866 cred = task->tk_rqstp->rq_cred;
f81c6224 867 }
46121cf7 868 dprintk("RPC: %5u refreshing %s cred %p\n",
1be27f36 869 task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
0bbacc40 870
1da177e4 871 err = cred->cr_ops->crrefresh(task);
a17c2153 872out:
1da177e4
LT		 873 if (err < 0)
874 task->tk_status = err;
875 return err;
876}
877
878void
879rpcauth_invalcred(struct rpc_task *task)
880{
a17c2153 881 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
fc432dd9 882
46121cf7 883 dprintk("RPC: %5u invalidating %s cred %p\n",
1be27f36 884 task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
fc432dd9
TM		 885 if (cred)
886 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1da177e4
LT		 887}
888
889int
890rpcauth_uptodatecred(struct rpc_task *task)
891{
a17c2153 892 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
fc432dd9
TM		 893
894 return cred == NULL ||
895 test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;
1da177e4 896}
f5c2187c 897
8e1f936b 898static struct shrinker rpc_cred_shrinker = {
70534a73
DC		 899 .count_objects = rpcauth_cache_shrink_count,
900 .scan_objects = rpcauth_cache_shrink_scan,
8e1f936b
RR		 901 .seeks = DEFAULT_SEEKS,
902};
f5c2187c 903
5d8d9a4d 904int __init rpcauth_init_module(void)
f5c2187c 905{
5d8d9a4d
TM		 906 int err;
907
908 err = rpc_init_authunix();
909 if (err < 0)
910 goto out1;
2864486b
KM		 911 err = register_shrinker(&rpc_cred_shrinker);
912 if (err < 0)
89a4f758 913 goto out2;
5d8d9a4d
TM		 914 return 0;
915out2:
916 rpc_destroy_authunix();
917out1:
918 return err;
f5c2187c
TM		 919}
920
c135e84a 921void rpcauth_remove_module(void)
f5c2187c 922{
5d8d9a4d 923 rpc_destroy_authunix();
8e1f936b 924 unregister_shrinker(&rpc_cred_shrinker);
f5c2187c 925}
Ubuntu Eoan Linux kernel mirror