[mirror_ubuntu-focal-kernel.git] / net / sunrpc / auth_unix.c

/*
 * linux/net/sunrpc/auth_unix.c
 *
 * UNIX-style authentication; no AUTH_SHORT support
 *
 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
 */

#include <linux/types.h>
#include <linux/sched.h>
#include <linux/module.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/auth.h>

#define NFS_NGROUPS	16

struct unx_cred {
	struct rpc_cred		uc_base;
	gid_t			uc_gid;
	gid_t			uc_gids[NFS_NGROUPS];
};
#define uc_uid			uc_base.cr_uid

#define UNX_CRED_EXPIRE		(60 * HZ)

#define UNX_WRITESLACK		(21 + (UNX_MAXNODENAME >> 2))

#ifdef RPC_DEBUG
# define RPCDBG_FACILITY	RPCDBG_AUTH
#endif

static struct rpc_auth		unix_auth;
static struct rpc_cred_cache	unix_cred_cache;
static const struct rpc_credops	unix_credops;

static struct rpc_auth *
unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
{
	dprintk("RPC:       creating UNIX authenticator for client %p\n",
			clnt);
	if (atomic_inc_return(&unix_auth.au_count) == 1)
		unix_cred_cache.nextgc = jiffies + (unix_cred_cache.expire >> 1);
	return &unix_auth;
}

static void
unx_destroy(struct rpc_auth *auth)
{
	dprintk("RPC:       destroying UNIX authenticator %p\n", auth);
	rpcauth_clear_credcache(auth->au_credcache);
}

/*
 * Lookup AUTH_UNIX creds for current process
 */
static struct rpc_cred *
unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
{
	return rpcauth_lookup_credcache(auth, acred, flags);
}

static struct rpc_cred *
unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
{
	struct unx_cred	*cred;
	int		i;

	dprintk("RPC:       allocating UNIX cred for uid %d gid %d\n",
			acred->uid, acred->gid);

	if (!(cred = kmalloc(sizeof(*cred), GFP_KERNEL)))
		return ERR_PTR(-ENOMEM);

	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);
	cred->uc_base.cr_flags = RPCAUTH_CRED_UPTODATE;
	if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {
		cred->uc_uid = 0;
		cred->uc_gid = 0;
		cred->uc_gids[0] = NOGROUP;
	} else {
		int groups = acred->group_info->ngroups;
		if (groups > NFS_NGROUPS)
			groups = NFS_NGROUPS;

		cred->uc_gid = acred->gid;
		for (i = 0; i < groups; i++)
			cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
		if (i < NFS_NGROUPS)
		  cred->uc_gids[i] = NOGROUP;
	}

	return (struct rpc_cred *) cred;
}

static void
unx_destroy_cred(struct rpc_cred *cred)
{
	kfree(cred);
}

/*
 * Match credentials against current process creds.
 * The root_override argument takes care of cases where the caller may
 * request root creds (e.g. for NFS swapping).
 */
static int
unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
{
	struct unx_cred	*cred = (struct unx_cred *) rcred;
	int		i;

	if (!(flags & RPCAUTH_LOOKUP_ROOTCREDS)) {
		int groups;

		if (cred->uc_uid != acred->uid
		 || cred->uc_gid != acred->gid)
			return 0;

		groups = acred->group_info->ngroups;
		if (groups > NFS_NGROUPS)
			groups = NFS_NGROUPS;
		for (i = 0; i < groups ; i++)
			if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
				return 0;
		return 1;
	}
	return (cred->uc_uid == 0
	     && cred->uc_gid == 0
	     && cred->uc_gids[0] == (gid_t) NOGROUP);
}

/*
 * Marshal credentials.
 * Maybe we should keep a cached credential for performance reasons.
 */
static __be32 *
unx_marshal(struct rpc_task *task, __be32 *p)
{
	struct rpc_clnt	*clnt = task->tk_client;
	struct unx_cred	*cred = (struct unx_cred *) task->tk_msg.rpc_cred;
	__be32		*base, *hold;
	int		i;

	*p++ = htonl(RPC_AUTH_UNIX);
	base = p++;
	*p++ = htonl(jiffies/HZ);

	/*
	 * Copy the UTS nodename captured when the client was created.
	 */
	p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);

	*p++ = htonl((u32) cred->uc_uid);
	*p++ = htonl((u32) cred->uc_gid);
	hold = p++;
	for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
		*p++ = htonl((u32) cred->uc_gids[i]);
	*hold = htonl(p - hold - 1);		/* gid array length */
	*base = htonl((p - base - 1) << 2);	/* cred length */

	*p++ = htonl(RPC_AUTH_NULL);
	*p++ = htonl(0);

	return p;
}

/*
 * Refresh credentials. This is a no-op for AUTH_UNIX
 */
static int
unx_refresh(struct rpc_task *task)
{
	task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;
	return 0;
}

static __be32 *
unx_validate(struct rpc_task *task, __be32 *p)
{
	rpc_authflavor_t	flavor;
	u32			size;

	flavor = ntohl(*p++);
	if (flavor != RPC_AUTH_NULL &&
	    flavor != RPC_AUTH_UNIX &&
	    flavor != RPC_AUTH_SHORT) {
		printk("RPC: bad verf flavor: %u\n", flavor);
		return NULL;
	}

	size = ntohl(*p++);
	if (size > RPC_MAX_AUTH_SIZE) {
		printk("RPC: giant verf size: %u\n", size);
		return NULL;
	}
	task->tk_auth->au_rslack = (size >> 2) + 2;
	p += (size >> 2);

	return p;
}

const struct rpc_authops authunix_ops = {
	.owner		= THIS_MODULE,
	.au_flavor	= RPC_AUTH_UNIX,
#ifdef RPC_DEBUG
	.au_name	= "UNIX",
#endif
	.create		= unx_create,
	.destroy	= unx_destroy,
	.lookup_cred	= unx_lookup_cred,
	.crcreate	= unx_create_cred,
};

static
struct rpc_cred_cache	unix_cred_cache = {
	.expire		= UNX_CRED_EXPIRE,
};

static
struct rpc_auth		unix_auth = {
	.au_cslack	= UNX_WRITESLACK,
	.au_rslack	= 2,			/* assume AUTH_NULL verf */
	.au_ops		= &authunix_ops,
	.au_flavor	= RPC_AUTH_UNIX,
	.au_count	= ATOMIC_INIT(0),
	.au_credcache	= &unix_cred_cache,
};

static
const struct rpc_credops unix_credops = {
	.cr_name	= "AUTH_UNIX",
	.crdestroy	= unx_destroy_cred,
	.crmatch	= unx_match,
	.crmarshal	= unx_marshal,
	.crrefresh	= unx_refresh,
	.crvalidate	= unx_validate,
};
Commit	Line	Data
1da177e4 LT	1	/*
	2	* linux/net/sunrpc/auth_unix.c
	3	*
	4	* UNIX-style authentication; no AUTH_SHORT support
	5	*
	6	* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
	7	*/
	8
	9	#include <linux/types.h>
	10	#include <linux/sched.h>
	11	#include <linux/module.h>
1da177e4 LT	12	#include <linux/sunrpc/clnt.h>
	13	#include <linux/sunrpc/auth.h>
	14
	15	#define NFS_NGROUPS 16
	16
	17	struct unx_cred {
	18	struct rpc_cred uc_base;
	19	gid_t uc_gid;
	20	gid_t uc_gids[NFS_NGROUPS];
	21	};
	22	#define uc_uid uc_base.cr_uid
1da177e4 LT	23
	24	#define UNX_CRED_EXPIRE (60 * HZ)
	25
	26	#define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))
	27
	28	#ifdef RPC_DEBUG
	29	# define RPCDBG_FACILITY RPCDBG_AUTH
	30	#endif
	31
	32	static struct rpc_auth unix_auth;
	33	static struct rpc_cred_cache unix_cred_cache;
f1c0a861	34	static const struct rpc_credops unix_credops;
1da177e4 LT	35
	36	static struct rpc_auth *
	37	unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
	38	{
46121cf7 CL	39	dprintk("RPC: creating UNIX authenticator for client %p\n",
46121cf7 CL	40	clnt);
5c9cfc82	41	if (atomic_inc_return(&unix_auth.au_count) == 1)
1da177e4 LT	42	unix_cred_cache.nextgc = jiffies + (unix_cred_cache.expire >> 1);
	43	return &unix_auth;
	44	}
	45
	46	static void
	47	unx_destroy(struct rpc_auth *auth)
	48	{
46121cf7	49	dprintk("RPC: destroying UNIX authenticator %p\n", auth);
3ab9bb72	50	rpcauth_clear_credcache(auth->au_credcache);
1da177e4 LT	51	}
	52
	53	/*
	54	* Lookup AUTH_UNIX creds for current process
	55	*/
	56	static struct rpc_cred *
	57	unx_lookup_cred(struct rpc_auth auth, struct auth_cred acred, int flags)
	58	{
	59	return rpcauth_lookup_credcache(auth, acred, flags);
	60	}
	61
	62	static struct rpc_cred *
	63	unx_create_cred(struct rpc_auth auth, struct auth_cred acred, int flags)
	64	{
	65	struct unx_cred *cred;
	66	int i;
	67
46121cf7 CL	68	dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
46121cf7 CL	69	acred->uid, acred->gid);
1da177e4	70
8b3a7005	71	if (!(cred = kmalloc(sizeof(*cred), GFP_KERNEL)))
1da177e4 LT	72	return ERR_PTR(-ENOMEM);
1da177e4 LT	73
5fe4755e TM	74	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);
5fe4755e TM	75	cred->uc_base.cr_flags = RPCAUTH_CRED_UPTODATE;
8a317760	76	if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {
1da177e4 LT	77	cred->uc_uid = 0;
	78	cred->uc_gid = 0;
	79	cred->uc_gids[0] = NOGROUP;
	80	} else {
	81	int groups = acred->group_info->ngroups;
	82	if (groups > NFS_NGROUPS)
	83	groups = NFS_NGROUPS;
	84
1da177e4 LT	85	cred->uc_gid = acred->gid;
	86	for (i = 0; i < groups; i++)
	87	cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
	88	if (i < NFS_NGROUPS)
	89	cred->uc_gids[i] = NOGROUP;
	90	}
1da177e4 LT	91
	92	return (struct rpc_cred *) cred;
	93	}
	94
	95	static void
	96	unx_destroy_cred(struct rpc_cred *cred)
	97	{
	98	kfree(cred);
	99	}
	100
	101	/*
	102	* Match credentials against current process creds.
	103	* The root_override argument takes care of cases where the caller may
	104	* request root creds (e.g. for NFS swapping).
	105	*/
	106	static int
8a317760	107	unx_match(struct auth_cred acred, struct rpc_cred rcred, int flags)
1da177e4 LT	108	{
	109	struct unx_cred cred = (struct unx_cred ) rcred;
	110	int i;
	111
8a317760	112	if (!(flags & RPCAUTH_LOOKUP_ROOTCREDS)) {
1da177e4 LT	113	int groups;
	114
	115	if (cred->uc_uid != acred->uid
	116	\|\| cred->uc_gid != acred->gid)
	117	return 0;
	118
	119	groups = acred->group_info->ngroups;
	120	if (groups > NFS_NGROUPS)
	121	groups = NFS_NGROUPS;
	122	for (i = 0; i < groups ; i++)
	123	if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
	124	return 0;
	125	return 1;
	126	}
	127	return (cred->uc_uid == 0
	128	&& cred->uc_gid == 0
	129	&& cred->uc_gids[0] == (gid_t) NOGROUP);
	130	}
	131
	132	/*
	133	* Marshal credentials.
	134	* Maybe we should keep a cached credential for performance reasons.
	135	*/
d8ed029d AD	136	static __be32 *
d8ed029d AD	137	unx_marshal(struct rpc_task task, __be32 p)
1da177e4 LT	138	{
	139	struct rpc_clnt *clnt = task->tk_client;
	140	struct unx_cred cred = (struct unx_cred ) task->tk_msg.rpc_cred;
d8ed029d	141	__be32 base, hold;
1da177e4 LT	142	int i;
	143
	144	*p++ = htonl(RPC_AUTH_UNIX);
	145	base = p++;
	146	*p++ = htonl(jiffies/HZ);
	147
	148	/*
	149	* Copy the UTS nodename captured when the client was created.
	150	*/
	151	p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
	152
	153	*p++ = htonl((u32) cred->uc_uid);
	154	*p++ = htonl((u32) cred->uc_gid);
	155	hold = p++;
	156	for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
	157	*p++ = htonl((u32) cred->uc_gids[i]);
	158	hold = htonl(p - hold - 1); / gid array length */
	159	base = htonl((p - base - 1) << 2); / cred length */
	160
	161	*p++ = htonl(RPC_AUTH_NULL);
	162	*p++ = htonl(0);
	163
	164	return p;
	165	}
	166
	167	/*
	168	* Refresh credentials. This is a no-op for AUTH_UNIX
	169	*/
	170	static int
	171	unx_refresh(struct rpc_task *task)
	172	{
	173	task->tk_msg.rpc_cred->cr_flags \|= RPCAUTH_CRED_UPTODATE;
	174	return 0;
	175	}
	176
d8ed029d AD	177	static __be32 *
d8ed029d AD	178	unx_validate(struct rpc_task task, __be32 p)
1da177e4 LT	179	{
	180	rpc_authflavor_t flavor;
	181	u32 size;
	182
	183	flavor = ntohl(*p++);
	184	if (flavor != RPC_AUTH_NULL &&
	185	flavor != RPC_AUTH_UNIX &&
	186	flavor != RPC_AUTH_SHORT) {
	187	printk("RPC: bad verf flavor: %u\n", flavor);
	188	return NULL;
	189	}
	190
	191	size = ntohl(*p++);
	192	if (size > RPC_MAX_AUTH_SIZE) {
	193	printk("RPC: giant verf size: %u\n", size);
	194	return NULL;
	195	}
	196	task->tk_auth->au_rslack = (size >> 2) + 2;
	197	p += (size >> 2);
	198
	199	return p;
	200	}
	201
f1c0a861	202	const struct rpc_authops authunix_ops = {
1da177e4 LT	203	.owner = THIS_MODULE,
	204	.au_flavor = RPC_AUTH_UNIX,
	205	#ifdef RPC_DEBUG
	206	.au_name = "UNIX",
	207	#endif
	208	.create = unx_create,
	209	.destroy = unx_destroy,
	210	.lookup_cred = unx_lookup_cred,
	211	.crcreate = unx_create_cred,
	212	};
	213
	214	static
	215	struct rpc_cred_cache unix_cred_cache = {
	216	.expire = UNX_CRED_EXPIRE,
	217	};
	218
	219	static
	220	struct rpc_auth unix_auth = {
	221	.au_cslack = UNX_WRITESLACK,
	222	.au_rslack = 2, /* assume AUTH_NULL verf */
	223	.au_ops = &authunix_ops,
81039f1f	224	.au_flavor = RPC_AUTH_UNIX,
1da177e4 LT	225	.au_count = ATOMIC_INIT(0),
	226	.au_credcache = &unix_cred_cache,
	227	};
	228
	229	static
f1c0a861	230	const struct rpc_credops unix_credops = {
1da177e4 LT	231	.cr_name = "AUTH_UNIX",
	232	.crdestroy = unx_destroy_cred,
	233	.crmatch = unx_match,
	234	.crmarshal = unx_marshal,
	235	.crrefresh = unx_refresh,
	236	.crvalidate = unx_validate,
	237	};