]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | #include <linux/types.h> |
2 | #include <linux/sched.h> | |
3 | #include <linux/module.h> | |
4 | #include <linux/sunrpc/types.h> | |
5 | #include <linux/sunrpc/xdr.h> | |
6 | #include <linux/sunrpc/svcsock.h> | |
7 | #include <linux/sunrpc/svcauth.h> | |
c4170583 | 8 | #include <linux/sunrpc/gss_api.h> |
1da177e4 LT |
9 | #include <linux/err.h> |
10 | #include <linux/seq_file.h> | |
11 | #include <linux/hash.h> | |
543537bd | 12 | #include <linux/string.h> |
5a0e3ad6 | 13 | #include <linux/slab.h> |
7b2b1fee | 14 | #include <net/sock.h> |
f15364bd AC |
15 | #include <net/ipv6.h> |
16 | #include <linux/kernel.h> | |
1da177e4 LT |
17 | #define RPCDBG_FACILITY RPCDBG_AUTH |
18 | ||
07396051 | 19 | #include <linux/sunrpc/clnt.h> |
1da177e4 | 20 | |
90d51b02 PE |
21 | #include "netns.h" |
22 | ||
1da177e4 LT |
23 | /* |
24 | * AUTHUNIX and AUTHNULL credentials are both handled here. | |
25 | * AUTHNULL is treated just like AUTHUNIX except that the uid/gid | |
26 | * are always nobody (-2). i.e. we do the same IP address checks for | |
27 | * AUTHNULL as for AUTHUNIX, and that is done here. | |
28 | */ | |
29 | ||
30 | ||
1da177e4 LT |
31 | struct unix_domain { |
32 | struct auth_domain h; | |
1da177e4 LT |
33 | /* other stuff later */ |
34 | }; | |
35 | ||
13e0e958 | 36 | extern struct auth_ops svcauth_null; |
efc36aa5 N |
37 | extern struct auth_ops svcauth_unix; |
38 | ||
8b3e07ac BF |
39 | static void svcauth_unix_domain_release(struct auth_domain *dom) |
40 | { | |
41 | struct unix_domain *ud = container_of(dom, struct unix_domain, h); | |
42 | ||
43 | kfree(dom->name); | |
44 | kfree(ud); | |
45 | } | |
46 | ||
1da177e4 LT |
47 | struct auth_domain *unix_domain_find(char *name) |
48 | { | |
efc36aa5 N |
49 | struct auth_domain *rv; |
50 | struct unix_domain *new = NULL; | |
51 | ||
52 | rv = auth_domain_lookup(name, NULL); | |
53 | while(1) { | |
ad1b5229 N |
54 | if (rv) { |
55 | if (new && rv != &new->h) | |
352b5d13 | 56 | svcauth_unix_domain_release(&new->h); |
ad1b5229 N |
57 | |
58 | if (rv->flavour != &svcauth_unix) { | |
59 | auth_domain_put(rv); | |
60 | return NULL; | |
61 | } | |
efc36aa5 N |
62 | return rv; |
63 | } | |
efc36aa5 N |
64 | |
65 | new = kmalloc(sizeof(*new), GFP_KERNEL); | |
66 | if (new == NULL) | |
67 | return NULL; | |
68 | kref_init(&new->h.ref); | |
69 | new->h.name = kstrdup(name, GFP_KERNEL); | |
dd08d6ea N |
70 | if (new->h.name == NULL) { |
71 | kfree(new); | |
72 | return NULL; | |
73 | } | |
efc36aa5 | 74 | new->h.flavour = &svcauth_unix; |
efc36aa5 | 75 | rv = auth_domain_lookup(name, &new->h); |
1da177e4 | 76 | } |
1da177e4 | 77 | } |
24c3767e | 78 | EXPORT_SYMBOL_GPL(unix_domain_find); |
1da177e4 | 79 | |
1da177e4 LT |
80 | |
81 | /************************************************** | |
82 | * cache for IP address to unix_domain | |
83 | * as needed by AUTH_UNIX | |
84 | */ | |
85 | #define IP_HASHBITS 8 | |
86 | #define IP_HASHMAX (1<<IP_HASHBITS) | |
1da177e4 LT |
87 | |
88 | struct ip_map { | |
89 | struct cache_head h; | |
90 | char m_class[8]; /* e.g. "nfsd" */ | |
f15364bd | 91 | struct in6_addr m_addr; |
1da177e4 | 92 | struct unix_domain *m_client; |
1da177e4 | 93 | }; |
1da177e4 | 94 | |
baab935f | 95 | static void ip_map_put(struct kref *kref) |
1da177e4 | 96 | { |
baab935f | 97 | struct cache_head *item = container_of(kref, struct cache_head, ref); |
1da177e4 | 98 | struct ip_map *im = container_of(item, struct ip_map,h); |
baab935f N |
99 | |
100 | if (test_bit(CACHE_VALID, &item->flags) && | |
101 | !test_bit(CACHE_NEGATIVE, &item->flags)) | |
102 | auth_domain_put(&im->m_client->h); | |
103 | kfree(im); | |
1da177e4 LT |
104 | } |
105 | ||
1f1e030b N |
106 | #if IP_HASHBITS == 8 |
107 | /* hash_long on a 64 bit machine is currently REALLY BAD for | |
108 | * IP addresses in reverse-endian (i.e. on a little-endian machine). | |
109 | * So use a trivial but reliable hash instead | |
110 | */ | |
4806126d | 111 | static inline int hash_ip(__be32 ip) |
1f1e030b | 112 | { |
4806126d | 113 | int hash = (__force u32)ip ^ ((__force u32)ip>>16); |
1f1e030b N |
114 | return (hash ^ (hash>>8)) & 0xff; |
115 | } | |
116 | #endif | |
f15364bd AC |
117 | static inline int hash_ip6(struct in6_addr ip) |
118 | { | |
119 | return (hash_ip(ip.s6_addr32[0]) ^ | |
120 | hash_ip(ip.s6_addr32[1]) ^ | |
121 | hash_ip(ip.s6_addr32[2]) ^ | |
122 | hash_ip(ip.s6_addr32[3])); | |
123 | } | |
1a9917c2 | 124 | static int ip_map_match(struct cache_head *corig, struct cache_head *cnew) |
1da177e4 | 125 | { |
1a9917c2 N |
126 | struct ip_map *orig = container_of(corig, struct ip_map, h); |
127 | struct ip_map *new = container_of(cnew, struct ip_map, h); | |
f64f9e71 JP |
128 | return strcmp(orig->m_class, new->m_class) == 0 && |
129 | ipv6_addr_equal(&orig->m_addr, &new->m_addr); | |
1da177e4 | 130 | } |
1a9917c2 | 131 | static void ip_map_init(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 132 | { |
1a9917c2 N |
133 | struct ip_map *new = container_of(cnew, struct ip_map, h); |
134 | struct ip_map *item = container_of(citem, struct ip_map, h); | |
135 | ||
1da177e4 | 136 | strcpy(new->m_class, item->m_class); |
4e3fd7a0 | 137 | new->m_addr = item->m_addr; |
1da177e4 | 138 | } |
1a9917c2 | 139 | static void update(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 140 | { |
1a9917c2 N |
141 | struct ip_map *new = container_of(cnew, struct ip_map, h); |
142 | struct ip_map *item = container_of(citem, struct ip_map, h); | |
143 | ||
efc36aa5 | 144 | kref_get(&item->m_client->h.ref); |
1da177e4 | 145 | new->m_client = item->m_client; |
1da177e4 | 146 | } |
1a9917c2 N |
147 | static struct cache_head *ip_map_alloc(void) |
148 | { | |
149 | struct ip_map *i = kmalloc(sizeof(*i), GFP_KERNEL); | |
150 | if (i) | |
151 | return &i->h; | |
152 | else | |
153 | return NULL; | |
154 | } | |
1da177e4 LT |
155 | |
156 | static void ip_map_request(struct cache_detail *cd, | |
157 | struct cache_head *h, | |
158 | char **bpp, int *blen) | |
159 | { | |
f15364bd | 160 | char text_addr[40]; |
1da177e4 | 161 | struct ip_map *im = container_of(h, struct ip_map, h); |
1da177e4 | 162 | |
f15364bd | 163 | if (ipv6_addr_v4mapped(&(im->m_addr))) { |
21454aaa | 164 | snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]); |
f15364bd | 165 | } else { |
5b095d98 | 166 | snprintf(text_addr, 40, "%pI6", &im->m_addr); |
f15364bd | 167 | } |
1da177e4 LT |
168 | qword_add(bpp, blen, im->m_class); |
169 | qword_add(bpp, blen, text_addr); | |
170 | (*bpp)[-1] = '\n'; | |
171 | } | |
172 | ||
bc74b4f5 TM |
173 | static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) |
174 | { | |
175 | return sunrpc_cache_pipe_upcall(cd, h, ip_map_request); | |
176 | } | |
177 | ||
bf18ab32 PE |
178 | static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); |
179 | static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry); | |
1da177e4 LT |
180 | |
181 | static int ip_map_parse(struct cache_detail *cd, | |
182 | char *mesg, int mlen) | |
183 | { | |
184 | /* class ipaddress [domainname] */ | |
185 | /* should be safe just to use the start of the input buffer | |
186 | * for scratch: */ | |
187 | char *buf = mesg; | |
188 | int len; | |
1a9917c2 | 189 | char class[8]; |
07396051 CL |
190 | union { |
191 | struct sockaddr sa; | |
192 | struct sockaddr_in s4; | |
193 | struct sockaddr_in6 s6; | |
194 | } address; | |
195 | struct sockaddr_in6 sin6; | |
1a9917c2 N |
196 | int err; |
197 | ||
198 | struct ip_map *ipmp; | |
1da177e4 LT |
199 | struct auth_domain *dom; |
200 | time_t expiry; | |
201 | ||
202 | if (mesg[mlen-1] != '\n') | |
203 | return -EINVAL; | |
204 | mesg[mlen-1] = 0; | |
205 | ||
206 | /* class */ | |
1a9917c2 | 207 | len = qword_get(&mesg, class, sizeof(class)); |
1da177e4 LT |
208 | if (len <= 0) return -EINVAL; |
209 | ||
210 | /* ip address */ | |
211 | len = qword_get(&mesg, buf, mlen); | |
212 | if (len <= 0) return -EINVAL; | |
213 | ||
d05cc104 | 214 | if (rpc_pton(cd->net, buf, len, &address.sa, sizeof(address)) == 0) |
1da177e4 | 215 | return -EINVAL; |
07396051 CL |
216 | switch (address.sa.sa_family) { |
217 | case AF_INET: | |
218 | /* Form a mapped IPv4 address in sin6 */ | |
07396051 | 219 | sin6.sin6_family = AF_INET6; |
70dc78da PE |
220 | ipv6_addr_set_v4mapped(address.s4.sin_addr.s_addr, |
221 | &sin6.sin6_addr); | |
07396051 | 222 | break; |
dfd56b8b | 223 | #if IS_ENABLED(CONFIG_IPV6) |
07396051 CL |
224 | case AF_INET6: |
225 | memcpy(&sin6, &address.s6, sizeof(sin6)); | |
226 | break; | |
227 | #endif | |
228 | default: | |
229 | return -EINVAL; | |
230 | } | |
cca5172a | 231 | |
1da177e4 LT |
232 | expiry = get_expiry(&mesg); |
233 | if (expiry ==0) | |
234 | return -EINVAL; | |
235 | ||
236 | /* domainname, or empty for NEGATIVE */ | |
237 | len = qword_get(&mesg, buf, mlen); | |
238 | if (len < 0) return -EINVAL; | |
239 | ||
240 | if (len) { | |
241 | dom = unix_domain_find(buf); | |
242 | if (dom == NULL) | |
243 | return -ENOENT; | |
244 | } else | |
245 | dom = NULL; | |
246 | ||
07396051 | 247 | /* IPv6 scope IDs are ignored for now */ |
bf18ab32 | 248 | ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr); |
1a9917c2 | 249 | if (ipmp) { |
bf18ab32 | 250 | err = __ip_map_update(cd, ipmp, |
1a9917c2 N |
251 | container_of(dom, struct unix_domain, h), |
252 | expiry); | |
1da177e4 | 253 | } else |
1a9917c2 | 254 | err = -ENOMEM; |
1da177e4 | 255 | |
1da177e4 LT |
256 | if (dom) |
257 | auth_domain_put(dom); | |
1a9917c2 | 258 | |
1da177e4 | 259 | cache_flush(); |
1a9917c2 | 260 | return err; |
1da177e4 LT |
261 | } |
262 | ||
263 | static int ip_map_show(struct seq_file *m, | |
264 | struct cache_detail *cd, | |
265 | struct cache_head *h) | |
266 | { | |
267 | struct ip_map *im; | |
f15364bd | 268 | struct in6_addr addr; |
1da177e4 LT |
269 | char *dom = "-no-domain-"; |
270 | ||
271 | if (h == NULL) { | |
272 | seq_puts(m, "#class IP domain\n"); | |
273 | return 0; | |
274 | } | |
275 | im = container_of(h, struct ip_map, h); | |
276 | /* class addr domain */ | |
4e3fd7a0 | 277 | addr = im->m_addr; |
1da177e4 | 278 | |
cca5172a | 279 | if (test_bit(CACHE_VALID, &h->flags) && |
1da177e4 LT |
280 | !test_bit(CACHE_NEGATIVE, &h->flags)) |
281 | dom = im->m_client->h.name; | |
282 | ||
f15364bd | 283 | if (ipv6_addr_v4mapped(&addr)) { |
21454aaa HH |
284 | seq_printf(m, "%s %pI4 %s\n", |
285 | im->m_class, &addr.s6_addr32[3], dom); | |
f15364bd | 286 | } else { |
5b095d98 | 287 | seq_printf(m, "%s %pI6 %s\n", im->m_class, &addr, dom); |
f15364bd | 288 | } |
1da177e4 LT |
289 | return 0; |
290 | } | |
cca5172a | 291 | |
1da177e4 | 292 | |
bf18ab32 PE |
293 | static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, |
294 | struct in6_addr *addr) | |
1a9917c2 N |
295 | { |
296 | struct ip_map ip; | |
297 | struct cache_head *ch; | |
298 | ||
299 | strcpy(ip.m_class, class); | |
4e3fd7a0 | 300 | ip.m_addr = *addr; |
bf18ab32 | 301 | ch = sunrpc_cache_lookup(cd, &ip.h, |
1a9917c2 | 302 | hash_str(class, IP_HASHBITS) ^ |
f15364bd | 303 | hash_ip6(*addr)); |
1a9917c2 N |
304 | |
305 | if (ch) | |
306 | return container_of(ch, struct ip_map, h); | |
307 | else | |
308 | return NULL; | |
309 | } | |
1da177e4 | 310 | |
352114f3 PE |
311 | static inline struct ip_map *ip_map_lookup(struct net *net, char *class, |
312 | struct in6_addr *addr) | |
bf18ab32 | 313 | { |
90d51b02 PE |
314 | struct sunrpc_net *sn; |
315 | ||
316 | sn = net_generic(net, sunrpc_net_id); | |
317 | return __ip_map_lookup(sn->ip_map_cache, class, addr); | |
bf18ab32 PE |
318 | } |
319 | ||
320 | static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, | |
321 | struct unix_domain *udom, time_t expiry) | |
1a9917c2 N |
322 | { |
323 | struct ip_map ip; | |
324 | struct cache_head *ch; | |
325 | ||
326 | ip.m_client = udom; | |
327 | ip.h.flags = 0; | |
328 | if (!udom) | |
329 | set_bit(CACHE_NEGATIVE, &ip.h.flags); | |
1a9917c2 | 330 | ip.h.expiry_time = expiry; |
bf18ab32 | 331 | ch = sunrpc_cache_update(cd, &ip.h, &ipm->h, |
1a9917c2 | 332 | hash_str(ipm->m_class, IP_HASHBITS) ^ |
f15364bd | 333 | hash_ip6(ipm->m_addr)); |
1a9917c2 N |
334 | if (!ch) |
335 | return -ENOMEM; | |
bf18ab32 | 336 | cache_put(ch, cd); |
1a9917c2 N |
337 | return 0; |
338 | } | |
1da177e4 | 339 | |
352114f3 PE |
340 | static inline int ip_map_update(struct net *net, struct ip_map *ipm, |
341 | struct unix_domain *udom, time_t expiry) | |
bf18ab32 | 342 | { |
90d51b02 PE |
343 | struct sunrpc_net *sn; |
344 | ||
345 | sn = net_generic(net, sunrpc_net_id); | |
346 | return __ip_map_update(sn->ip_map_cache, ipm, udom, expiry); | |
bf18ab32 PE |
347 | } |
348 | ||
1da177e4 LT |
349 | |
350 | void svcauth_unix_purge(void) | |
351 | { | |
90d51b02 PE |
352 | struct net *net; |
353 | ||
354 | for_each_net(net) { | |
355 | struct sunrpc_net *sn; | |
356 | ||
357 | sn = net_generic(net, sunrpc_net_id); | |
358 | cache_purge(sn->ip_map_cache); | |
359 | } | |
1da177e4 | 360 | } |
24c3767e | 361 | EXPORT_SYMBOL_GPL(svcauth_unix_purge); |
1da177e4 | 362 | |
7b2b1fee | 363 | static inline struct ip_map * |
3be4479f | 364 | ip_map_cached_get(struct svc_xprt *xprt) |
7b2b1fee | 365 | { |
def13d74 | 366 | struct ip_map *ipm = NULL; |
90d51b02 | 367 | struct sunrpc_net *sn; |
def13d74 TT |
368 | |
369 | if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { | |
370 | spin_lock(&xprt->xpt_lock); | |
371 | ipm = xprt->xpt_auth_cache; | |
372 | if (ipm != NULL) { | |
373 | if (!cache_valid(&ipm->h)) { | |
374 | /* | |
375 | * The entry has been invalidated since it was | |
376 | * remembered, e.g. by a second mount from the | |
377 | * same IP address. | |
378 | */ | |
90d51b02 | 379 | sn = net_generic(xprt->xpt_net, sunrpc_net_id); |
def13d74 TT |
380 | xprt->xpt_auth_cache = NULL; |
381 | spin_unlock(&xprt->xpt_lock); | |
90d51b02 | 382 | cache_put(&ipm->h, sn->ip_map_cache); |
def13d74 TT |
383 | return NULL; |
384 | } | |
385 | cache_get(&ipm->h); | |
7b2b1fee | 386 | } |
def13d74 | 387 | spin_unlock(&xprt->xpt_lock); |
7b2b1fee GB |
388 | } |
389 | return ipm; | |
390 | } | |
391 | ||
392 | static inline void | |
3be4479f | 393 | ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm) |
7b2b1fee | 394 | { |
def13d74 TT |
395 | if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { |
396 | spin_lock(&xprt->xpt_lock); | |
397 | if (xprt->xpt_auth_cache == NULL) { | |
398 | /* newly cached, keep the reference */ | |
399 | xprt->xpt_auth_cache = ipm; | |
400 | ipm = NULL; | |
401 | } | |
402 | spin_unlock(&xprt->xpt_lock); | |
30f3deee | 403 | } |
90d51b02 PE |
404 | if (ipm) { |
405 | struct sunrpc_net *sn; | |
406 | ||
407 | sn = net_generic(xprt->xpt_net, sunrpc_net_id); | |
408 | cache_put(&ipm->h, sn->ip_map_cache); | |
409 | } | |
7b2b1fee GB |
410 | } |
411 | ||
412 | void | |
e3bfca01 | 413 | svcauth_unix_info_release(struct svc_xprt *xpt) |
7b2b1fee | 414 | { |
e3bfca01 PE |
415 | struct ip_map *ipm; |
416 | ||
417 | ipm = xpt->xpt_auth_cache; | |
90d51b02 PE |
418 | if (ipm != NULL) { |
419 | struct sunrpc_net *sn; | |
420 | ||
421 | sn = net_generic(xpt->xpt_net, sunrpc_net_id); | |
422 | cache_put(&ipm->h, sn->ip_map_cache); | |
423 | } | |
7b2b1fee GB |
424 | } |
425 | ||
3fc605a2 N |
426 | /**************************************************************************** |
427 | * auth.unix.gid cache | |
428 | * simple cache to map a UID to a list of GIDs | |
429 | * because AUTH_UNIX aka AUTH_SYS has a max of 16 | |
430 | */ | |
431 | #define GID_HASHBITS 8 | |
432 | #define GID_HASHMAX (1<<GID_HASHBITS) | |
3fc605a2 N |
433 | |
434 | struct unix_gid { | |
435 | struct cache_head h; | |
436 | uid_t uid; | |
437 | struct group_info *gi; | |
438 | }; | |
3fc605a2 N |
439 | |
440 | static void unix_gid_put(struct kref *kref) | |
441 | { | |
442 | struct cache_head *item = container_of(kref, struct cache_head, ref); | |
443 | struct unix_gid *ug = container_of(item, struct unix_gid, h); | |
444 | if (test_bit(CACHE_VALID, &item->flags) && | |
445 | !test_bit(CACHE_NEGATIVE, &item->flags)) | |
446 | put_group_info(ug->gi); | |
447 | kfree(ug); | |
448 | } | |
449 | ||
450 | static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew) | |
451 | { | |
452 | struct unix_gid *orig = container_of(corig, struct unix_gid, h); | |
453 | struct unix_gid *new = container_of(cnew, struct unix_gid, h); | |
454 | return orig->uid == new->uid; | |
455 | } | |
456 | static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem) | |
457 | { | |
458 | struct unix_gid *new = container_of(cnew, struct unix_gid, h); | |
459 | struct unix_gid *item = container_of(citem, struct unix_gid, h); | |
460 | new->uid = item->uid; | |
461 | } | |
462 | static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem) | |
463 | { | |
464 | struct unix_gid *new = container_of(cnew, struct unix_gid, h); | |
465 | struct unix_gid *item = container_of(citem, struct unix_gid, h); | |
466 | ||
467 | get_group_info(item->gi); | |
468 | new->gi = item->gi; | |
469 | } | |
470 | static struct cache_head *unix_gid_alloc(void) | |
471 | { | |
472 | struct unix_gid *g = kmalloc(sizeof(*g), GFP_KERNEL); | |
473 | if (g) | |
474 | return &g->h; | |
475 | else | |
476 | return NULL; | |
477 | } | |
478 | ||
479 | static void unix_gid_request(struct cache_detail *cd, | |
480 | struct cache_head *h, | |
481 | char **bpp, int *blen) | |
482 | { | |
483 | char tuid[20]; | |
484 | struct unix_gid *ug = container_of(h, struct unix_gid, h); | |
485 | ||
486 | snprintf(tuid, 20, "%u", ug->uid); | |
487 | qword_add(bpp, blen, tuid); | |
488 | (*bpp)[-1] = '\n'; | |
489 | } | |
490 | ||
bc74b4f5 TM |
491 | static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) |
492 | { | |
493 | return sunrpc_cache_pipe_upcall(cd, h, unix_gid_request); | |
494 | } | |
495 | ||
73393232 | 496 | static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, uid_t uid); |
3fc605a2 N |
497 | |
498 | static int unix_gid_parse(struct cache_detail *cd, | |
499 | char *mesg, int mlen) | |
500 | { | |
501 | /* uid expiry Ngid gid0 gid1 ... gidN-1 */ | |
502 | int uid; | |
503 | int gids; | |
504 | int rv; | |
505 | int i; | |
506 | int err; | |
507 | time_t expiry; | |
508 | struct unix_gid ug, *ugp; | |
509 | ||
3476964d | 510 | if (mesg[mlen - 1] != '\n') |
3fc605a2 N |
511 | return -EINVAL; |
512 | mesg[mlen-1] = 0; | |
513 | ||
514 | rv = get_int(&mesg, &uid); | |
515 | if (rv) | |
516 | return -EINVAL; | |
517 | ug.uid = uid; | |
518 | ||
519 | expiry = get_expiry(&mesg); | |
520 | if (expiry == 0) | |
521 | return -EINVAL; | |
522 | ||
523 | rv = get_int(&mesg, &gids); | |
524 | if (rv || gids < 0 || gids > 8192) | |
525 | return -EINVAL; | |
526 | ||
527 | ug.gi = groups_alloc(gids); | |
528 | if (!ug.gi) | |
529 | return -ENOMEM; | |
530 | ||
531 | for (i = 0 ; i < gids ; i++) { | |
532 | int gid; | |
533 | rv = get_int(&mesg, &gid); | |
534 | err = -EINVAL; | |
535 | if (rv) | |
536 | goto out; | |
537 | GROUP_AT(ug.gi, i) = gid; | |
538 | } | |
539 | ||
73393232 | 540 | ugp = unix_gid_lookup(cd, uid); |
3fc605a2 N |
541 | if (ugp) { |
542 | struct cache_head *ch; | |
543 | ug.h.flags = 0; | |
544 | ug.h.expiry_time = expiry; | |
73393232 | 545 | ch = sunrpc_cache_update(cd, |
3fc605a2 N |
546 | &ug.h, &ugp->h, |
547 | hash_long(uid, GID_HASHBITS)); | |
548 | if (!ch) | |
549 | err = -ENOMEM; | |
550 | else { | |
551 | err = 0; | |
73393232 | 552 | cache_put(ch, cd); |
3fc605a2 N |
553 | } |
554 | } else | |
555 | err = -ENOMEM; | |
556 | out: | |
557 | if (ug.gi) | |
558 | put_group_info(ug.gi); | |
559 | return err; | |
560 | } | |
561 | ||
562 | static int unix_gid_show(struct seq_file *m, | |
563 | struct cache_detail *cd, | |
564 | struct cache_head *h) | |
565 | { | |
566 | struct unix_gid *ug; | |
567 | int i; | |
568 | int glen; | |
569 | ||
570 | if (h == NULL) { | |
571 | seq_puts(m, "#uid cnt: gids...\n"); | |
572 | return 0; | |
573 | } | |
574 | ug = container_of(h, struct unix_gid, h); | |
575 | if (test_bit(CACHE_VALID, &h->flags) && | |
576 | !test_bit(CACHE_NEGATIVE, &h->flags)) | |
577 | glen = ug->gi->ngroups; | |
578 | else | |
579 | glen = 0; | |
580 | ||
ccdb357c | 581 | seq_printf(m, "%u %d:", ug->uid, glen); |
3fc605a2 N |
582 | for (i = 0; i < glen; i++) |
583 | seq_printf(m, " %d", GROUP_AT(ug->gi, i)); | |
584 | seq_printf(m, "\n"); | |
585 | return 0; | |
586 | } | |
587 | ||
73393232 | 588 | static struct cache_detail unix_gid_cache_template = { |
3fc605a2 N |
589 | .owner = THIS_MODULE, |
590 | .hash_size = GID_HASHMAX, | |
3fc605a2 N |
591 | .name = "auth.unix.gid", |
592 | .cache_put = unix_gid_put, | |
bc74b4f5 | 593 | .cache_upcall = unix_gid_upcall, |
3fc605a2 N |
594 | .cache_parse = unix_gid_parse, |
595 | .cache_show = unix_gid_show, | |
596 | .match = unix_gid_match, | |
597 | .init = unix_gid_init, | |
598 | .update = unix_gid_update, | |
599 | .alloc = unix_gid_alloc, | |
600 | }; | |
601 | ||
73393232 SK |
602 | int unix_gid_cache_create(struct net *net) |
603 | { | |
604 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
605 | struct cache_detail *cd; | |
606 | int err; | |
607 | ||
608 | cd = cache_create_net(&unix_gid_cache_template, net); | |
609 | if (IS_ERR(cd)) | |
610 | return PTR_ERR(cd); | |
611 | err = cache_register_net(cd, net); | |
612 | if (err) { | |
613 | cache_destroy_net(cd, net); | |
614 | return err; | |
615 | } | |
616 | sn->unix_gid_cache = cd; | |
617 | return 0; | |
618 | } | |
619 | ||
620 | void unix_gid_cache_destroy(struct net *net) | |
621 | { | |
622 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
623 | struct cache_detail *cd = sn->unix_gid_cache; | |
624 | ||
625 | sn->unix_gid_cache = NULL; | |
626 | cache_purge(cd); | |
627 | cache_unregister_net(cd, net); | |
628 | cache_destroy_net(cd, net); | |
629 | } | |
630 | ||
631 | static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, uid_t uid) | |
3fc605a2 N |
632 | { |
633 | struct unix_gid ug; | |
634 | struct cache_head *ch; | |
635 | ||
636 | ug.uid = uid; | |
73393232 | 637 | ch = sunrpc_cache_lookup(cd, &ug.h, hash_long(uid, GID_HASHBITS)); |
3fc605a2 N |
638 | if (ch) |
639 | return container_of(ch, struct unix_gid, h); | |
640 | else | |
641 | return NULL; | |
642 | } | |
643 | ||
dc83d6e2 | 644 | static struct group_info *unix_gid_find(uid_t uid, struct svc_rqst *rqstp) |
3fc605a2 | 645 | { |
dc83d6e2 BF |
646 | struct unix_gid *ug; |
647 | struct group_info *gi; | |
648 | int ret; | |
73393232 SK |
649 | struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, |
650 | sunrpc_net_id); | |
dc83d6e2 | 651 | |
73393232 | 652 | ug = unix_gid_lookup(sn->unix_gid_cache, uid); |
3fc605a2 | 653 | if (!ug) |
dc83d6e2 | 654 | return ERR_PTR(-EAGAIN); |
73393232 | 655 | ret = cache_check(sn->unix_gid_cache, &ug->h, &rqstp->rq_chandle); |
dc83d6e2 | 656 | switch (ret) { |
3fc605a2 | 657 | case -ENOENT: |
dc83d6e2 | 658 | return ERR_PTR(-ENOENT); |
1ebede86 N |
659 | case -ETIMEDOUT: |
660 | return ERR_PTR(-ESHUTDOWN); | |
3fc605a2 | 661 | case 0: |
dc83d6e2 | 662 | gi = get_group_info(ug->gi); |
73393232 | 663 | cache_put(&ug->h, sn->unix_gid_cache); |
dc83d6e2 | 664 | return gi; |
3fc605a2 | 665 | default: |
dc83d6e2 | 666 | return ERR_PTR(-EAGAIN); |
3fc605a2 N |
667 | } |
668 | } | |
669 | ||
3ab4d8b1 | 670 | int |
1da177e4 LT |
671 | svcauth_unix_set_client(struct svc_rqst *rqstp) |
672 | { | |
f15364bd AC |
673 | struct sockaddr_in *sin; |
674 | struct sockaddr_in6 *sin6, sin6_storage; | |
1a9917c2 | 675 | struct ip_map *ipm; |
dc83d6e2 BF |
676 | struct group_info *gi; |
677 | struct svc_cred *cred = &rqstp->rq_cred; | |
3be4479f | 678 | struct svc_xprt *xprt = rqstp->rq_xprt; |
90d51b02 PE |
679 | struct net *net = xprt->xpt_net; |
680 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1da177e4 | 681 | |
f15364bd AC |
682 | switch (rqstp->rq_addr.ss_family) { |
683 | case AF_INET: | |
684 | sin = svc_addr_in(rqstp); | |
685 | sin6 = &sin6_storage; | |
b301e82c | 686 | ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr); |
f15364bd AC |
687 | break; |
688 | case AF_INET6: | |
689 | sin6 = svc_addr_in6(rqstp); | |
690 | break; | |
691 | default: | |
692 | BUG(); | |
693 | } | |
694 | ||
1da177e4 LT |
695 | rqstp->rq_client = NULL; |
696 | if (rqstp->rq_proc == 0) | |
697 | return SVC_OK; | |
698 | ||
3be4479f | 699 | ipm = ip_map_cached_get(xprt); |
7b2b1fee | 700 | if (ipm == NULL) |
90d51b02 | 701 | ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class, |
f15364bd | 702 | &sin6->sin6_addr); |
1da177e4 LT |
703 | |
704 | if (ipm == NULL) | |
705 | return SVC_DENIED; | |
706 | ||
90d51b02 | 707 | switch (cache_check(sn->ip_map_cache, &ipm->h, &rqstp->rq_chandle)) { |
1da177e4 LT |
708 | default: |
709 | BUG(); | |
e0bb89ef | 710 | case -ETIMEDOUT: |
1ebede86 N |
711 | return SVC_CLOSE; |
712 | case -EAGAIN: | |
1da177e4 LT |
713 | return SVC_DROP; |
714 | case -ENOENT: | |
715 | return SVC_DENIED; | |
716 | case 0: | |
717 | rqstp->rq_client = &ipm->m_client->h; | |
efc36aa5 | 718 | kref_get(&rqstp->rq_client->ref); |
3be4479f | 719 | ip_map_cached_put(xprt, ipm); |
1da177e4 LT |
720 | break; |
721 | } | |
dc83d6e2 BF |
722 | |
723 | gi = unix_gid_find(cred->cr_uid, rqstp); | |
724 | switch (PTR_ERR(gi)) { | |
725 | case -EAGAIN: | |
726 | return SVC_DROP; | |
1ebede86 N |
727 | case -ESHUTDOWN: |
728 | return SVC_CLOSE; | |
dc83d6e2 BF |
729 | case -ENOENT: |
730 | break; | |
731 | default: | |
732 | put_group_info(cred->cr_group_info); | |
733 | cred->cr_group_info = gi; | |
734 | } | |
1da177e4 LT |
735 | return SVC_OK; |
736 | } | |
737 | ||
24c3767e | 738 | EXPORT_SYMBOL_GPL(svcauth_unix_set_client); |
3ab4d8b1 | 739 | |
1da177e4 | 740 | static int |
d8ed029d | 741 | svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4 LT |
742 | { |
743 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
744 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
745 | struct svc_cred *cred = &rqstp->rq_cred; | |
746 | ||
747 | cred->cr_group_info = NULL; | |
748 | rqstp->rq_client = NULL; | |
749 | ||
750 | if (argv->iov_len < 3*4) | |
751 | return SVC_GARBAGE; | |
752 | ||
cca5172a | 753 | if (svc_getu32(argv) != 0) { |
1da177e4 LT |
754 | dprintk("svc: bad null cred\n"); |
755 | *authp = rpc_autherr_badcred; | |
756 | return SVC_DENIED; | |
757 | } | |
76994313 | 758 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |
1da177e4 LT |
759 | dprintk("svc: bad null verf\n"); |
760 | *authp = rpc_autherr_badverf; | |
761 | return SVC_DENIED; | |
762 | } | |
763 | ||
764 | /* Signal that mapping to nobody uid/gid is required */ | |
765 | cred->cr_uid = (uid_t) -1; | |
766 | cred->cr_gid = (gid_t) -1; | |
767 | cred->cr_group_info = groups_alloc(0); | |
768 | if (cred->cr_group_info == NULL) | |
1ebede86 | 769 | return SVC_CLOSE; /* kmalloc failure - client must retry */ |
1da177e4 LT |
770 | |
771 | /* Put NULL verifier */ | |
76994313 AD |
772 | svc_putnl(resv, RPC_AUTH_NULL); |
773 | svc_putnl(resv, 0); | |
1da177e4 | 774 | |
c4170583 | 775 | rqstp->rq_flavor = RPC_AUTH_NULL; |
1da177e4 LT |
776 | return SVC_OK; |
777 | } | |
778 | ||
779 | static int | |
780 | svcauth_null_release(struct svc_rqst *rqstp) | |
781 | { | |
782 | if (rqstp->rq_client) | |
783 | auth_domain_put(rqstp->rq_client); | |
784 | rqstp->rq_client = NULL; | |
785 | if (rqstp->rq_cred.cr_group_info) | |
786 | put_group_info(rqstp->rq_cred.cr_group_info); | |
787 | rqstp->rq_cred.cr_group_info = NULL; | |
788 | ||
789 | return 0; /* don't drop */ | |
790 | } | |
791 | ||
792 | ||
793 | struct auth_ops svcauth_null = { | |
794 | .name = "null", | |
795 | .owner = THIS_MODULE, | |
796 | .flavour = RPC_AUTH_NULL, | |
797 | .accept = svcauth_null_accept, | |
798 | .release = svcauth_null_release, | |
799 | .set_client = svcauth_unix_set_client, | |
800 | }; | |
801 | ||
802 | ||
803 | static int | |
d8ed029d | 804 | svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4 LT |
805 | { |
806 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
807 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
808 | struct svc_cred *cred = &rqstp->rq_cred; | |
809 | u32 slen, i; | |
810 | int len = argv->iov_len; | |
811 | ||
812 | cred->cr_group_info = NULL; | |
813 | rqstp->rq_client = NULL; | |
814 | ||
815 | if ((len -= 3*4) < 0) | |
816 | return SVC_GARBAGE; | |
817 | ||
818 | svc_getu32(argv); /* length */ | |
819 | svc_getu32(argv); /* time stamp */ | |
76994313 | 820 | slen = XDR_QUADLEN(svc_getnl(argv)); /* machname length */ |
1da177e4 LT |
821 | if (slen > 64 || (len -= (slen + 3)*4) < 0) |
822 | goto badcred; | |
d8ed029d | 823 | argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ |
1da177e4 LT |
824 | argv->iov_len -= slen*4; |
825 | ||
76994313 AD |
826 | cred->cr_uid = svc_getnl(argv); /* uid */ |
827 | cred->cr_gid = svc_getnl(argv); /* gid */ | |
828 | slen = svc_getnl(argv); /* gids length */ | |
1da177e4 LT |
829 | if (slen > 16 || (len -= (slen + 2)*4) < 0) |
830 | goto badcred; | |
dc83d6e2 BF |
831 | cred->cr_group_info = groups_alloc(slen); |
832 | if (cred->cr_group_info == NULL) | |
1ebede86 | 833 | return SVC_CLOSE; |
dc83d6e2 BF |
834 | for (i = 0; i < slen; i++) |
835 | GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); | |
76994313 | 836 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |
1da177e4 LT |
837 | *authp = rpc_autherr_badverf; |
838 | return SVC_DENIED; | |
839 | } | |
840 | ||
841 | /* Put NULL verifier */ | |
76994313 AD |
842 | svc_putnl(resv, RPC_AUTH_NULL); |
843 | svc_putnl(resv, 0); | |
1da177e4 | 844 | |
c4170583 | 845 | rqstp->rq_flavor = RPC_AUTH_UNIX; |
1da177e4 LT |
846 | return SVC_OK; |
847 | ||
848 | badcred: | |
849 | *authp = rpc_autherr_badcred; | |
850 | return SVC_DENIED; | |
851 | } | |
852 | ||
853 | static int | |
854 | svcauth_unix_release(struct svc_rqst *rqstp) | |
855 | { | |
856 | /* Verifier (such as it is) is already in place. | |
857 | */ | |
858 | if (rqstp->rq_client) | |
859 | auth_domain_put(rqstp->rq_client); | |
860 | rqstp->rq_client = NULL; | |
861 | if (rqstp->rq_cred.cr_group_info) | |
862 | put_group_info(rqstp->rq_cred.cr_group_info); | |
863 | rqstp->rq_cred.cr_group_info = NULL; | |
864 | ||
865 | return 0; | |
866 | } | |
867 | ||
868 | ||
869 | struct auth_ops svcauth_unix = { | |
870 | .name = "unix", | |
871 | .owner = THIS_MODULE, | |
872 | .flavour = RPC_AUTH_UNIX, | |
873 | .accept = svcauth_unix_accept, | |
874 | .release = svcauth_unix_release, | |
875 | .domain_release = svcauth_unix_domain_release, | |
876 | .set_client = svcauth_unix_set_client, | |
877 | }; | |
878 | ||
d05cc104 SK |
879 | static struct cache_detail ip_map_cache_template = { |
880 | .owner = THIS_MODULE, | |
881 | .hash_size = IP_HASHMAX, | |
882 | .name = "auth.unix.ip", | |
883 | .cache_put = ip_map_put, | |
884 | .cache_upcall = ip_map_upcall, | |
885 | .cache_parse = ip_map_parse, | |
886 | .cache_show = ip_map_show, | |
887 | .match = ip_map_match, | |
888 | .init = ip_map_init, | |
889 | .update = update, | |
890 | .alloc = ip_map_alloc, | |
891 | }; | |
892 | ||
90d51b02 PE |
893 | int ip_map_cache_create(struct net *net) |
894 | { | |
90d51b02 | 895 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
d05cc104 SK |
896 | struct cache_detail *cd; |
897 | int err; | |
90d51b02 | 898 | |
d05cc104 SK |
899 | cd = cache_create_net(&ip_map_cache_template, net); |
900 | if (IS_ERR(cd)) | |
901 | return PTR_ERR(cd); | |
90d51b02 | 902 | err = cache_register_net(cd, net); |
d05cc104 SK |
903 | if (err) { |
904 | cache_destroy_net(cd, net); | |
905 | return err; | |
906 | } | |
90d51b02 PE |
907 | sn->ip_map_cache = cd; |
908 | return 0; | |
90d51b02 PE |
909 | } |
910 | ||
911 | void ip_map_cache_destroy(struct net *net) | |
912 | { | |
d05cc104 SK |
913 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
914 | struct cache_detail *cd = sn->ip_map_cache; | |
90d51b02 | 915 | |
d05cc104 SK |
916 | sn->ip_map_cache = NULL; |
917 | cache_purge(cd); | |
918 | cache_unregister_net(cd, net); | |
919 | cache_destroy_net(cd, net); | |
90d51b02 | 920 | } |