2 * linux/net/sunrpc/auth.c
4 * Generic RPC client authentication API.
6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
9 #include <linux/types.h>
10 #include <linux/sched.h>
11 #include <linux/module.h>
12 #include <linux/slab.h>
13 #include <linux/errno.h>
14 #include <linux/hash.h>
15 #include <linux/sunrpc/clnt.h>
16 #include <linux/sunrpc/gss_api.h>
17 #include <linux/spinlock.h>
19 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
20 # define RPCDBG_FACILITY RPCDBG_AUTH
23 #define RPC_CREDCACHE_DEFAULT_HASHBITS (4)
24 struct rpc_cred_cache
{
25 struct hlist_head
*hashtable
;
26 unsigned int hashbits
;
30 static unsigned int auth_hashbits
= RPC_CREDCACHE_DEFAULT_HASHBITS
;
32 static DEFINE_SPINLOCK(rpc_authflavor_lock
);
33 static const struct rpc_authops
*auth_flavors
[RPC_AUTH_MAXFLAVOR
] = {
34 &authnull_ops
, /* AUTH_NULL */
35 &authunix_ops
, /* AUTH_UNIX */
36 NULL
, /* others can be loadable modules */
39 static LIST_HEAD(cred_unused
);
40 static unsigned long number_cred_unused
;
42 #define MAX_HASHTABLE_BITS (14)
43 static int param_set_hashtbl_sz(const char *val
, const struct kernel_param
*kp
)
51 ret
= kstrtoul(val
, 0, &num
);
55 if (nbits
> MAX_HASHTABLE_BITS
|| nbits
< 2)
57 *(unsigned int *)kp
->arg
= nbits
;
63 static int param_get_hashtbl_sz(char *buffer
, const struct kernel_param
*kp
)
67 nbits
= *(unsigned int *)kp
->arg
;
68 return sprintf(buffer
, "%u", 1U << nbits
);
71 #define param_check_hashtbl_sz(name, p) __param_check(name, p, unsigned int);
73 static const struct kernel_param_ops param_ops_hashtbl_sz
= {
74 .set
= param_set_hashtbl_sz
,
75 .get
= param_get_hashtbl_sz
,
78 module_param_named(auth_hashtable_size
, auth_hashbits
, hashtbl_sz
, 0644);
79 MODULE_PARM_DESC(auth_hashtable_size
, "RPC credential cache hashtable size");
81 static unsigned long auth_max_cred_cachesize
= ULONG_MAX
;
82 module_param(auth_max_cred_cachesize
, ulong
, 0644);
83 MODULE_PARM_DESC(auth_max_cred_cachesize
, "RPC credential maximum total cache size");
86 pseudoflavor_to_flavor(u32 flavor
) {
87 if (flavor
> RPC_AUTH_MAXFLAVOR
)
93 rpcauth_register(const struct rpc_authops
*ops
)
95 rpc_authflavor_t flavor
;
98 if ((flavor
= ops
->au_flavor
) >= RPC_AUTH_MAXFLAVOR
)
100 spin_lock(&rpc_authflavor_lock
);
101 if (auth_flavors
[flavor
] == NULL
) {
102 auth_flavors
[flavor
] = ops
;
105 spin_unlock(&rpc_authflavor_lock
);
108 EXPORT_SYMBOL_GPL(rpcauth_register
);
111 rpcauth_unregister(const struct rpc_authops
*ops
)
113 rpc_authflavor_t flavor
;
116 if ((flavor
= ops
->au_flavor
) >= RPC_AUTH_MAXFLAVOR
)
118 spin_lock(&rpc_authflavor_lock
);
119 if (auth_flavors
[flavor
] == ops
) {
120 auth_flavors
[flavor
] = NULL
;
123 spin_unlock(&rpc_authflavor_lock
);
126 EXPORT_SYMBOL_GPL(rpcauth_unregister
);
129 * rpcauth_get_pseudoflavor - check if security flavor is supported
130 * @flavor: a security flavor
131 * @info: a GSS mech OID, quality of protection, and service value
133 * Verifies that an appropriate kernel module is available or already loaded.
134 * Returns an equivalent pseudoflavor, or RPC_AUTH_MAXFLAVOR if "flavor" is
135 * not supported locally.
138 rpcauth_get_pseudoflavor(rpc_authflavor_t flavor
, struct rpcsec_gss_info
*info
)
140 const struct rpc_authops
*ops
;
141 rpc_authflavor_t pseudoflavor
;
143 ops
= auth_flavors
[flavor
];
145 request_module("rpc-auth-%u", flavor
);
146 spin_lock(&rpc_authflavor_lock
);
147 ops
= auth_flavors
[flavor
];
148 if (ops
== NULL
|| !try_module_get(ops
->owner
)) {
149 spin_unlock(&rpc_authflavor_lock
);
150 return RPC_AUTH_MAXFLAVOR
;
152 spin_unlock(&rpc_authflavor_lock
);
154 pseudoflavor
= flavor
;
155 if (ops
->info2flavor
!= NULL
)
156 pseudoflavor
= ops
->info2flavor(info
);
158 module_put(ops
->owner
);
161 EXPORT_SYMBOL_GPL(rpcauth_get_pseudoflavor
);
164 * rpcauth_get_gssinfo - find GSS tuple matching a GSS pseudoflavor
165 * @pseudoflavor: GSS pseudoflavor to match
166 * @info: rpcsec_gss_info structure to fill in
168 * Returns zero and fills in "info" if pseudoflavor matches a
169 * supported mechanism.
172 rpcauth_get_gssinfo(rpc_authflavor_t pseudoflavor
, struct rpcsec_gss_info
*info
)
174 rpc_authflavor_t flavor
= pseudoflavor_to_flavor(pseudoflavor
);
175 const struct rpc_authops
*ops
;
178 if (flavor
>= RPC_AUTH_MAXFLAVOR
)
181 ops
= auth_flavors
[flavor
];
183 request_module("rpc-auth-%u", flavor
);
184 spin_lock(&rpc_authflavor_lock
);
185 ops
= auth_flavors
[flavor
];
186 if (ops
== NULL
|| !try_module_get(ops
->owner
)) {
187 spin_unlock(&rpc_authflavor_lock
);
190 spin_unlock(&rpc_authflavor_lock
);
193 if (ops
->flavor2info
!= NULL
)
194 result
= ops
->flavor2info(pseudoflavor
, info
);
196 module_put(ops
->owner
);
199 EXPORT_SYMBOL_GPL(rpcauth_get_gssinfo
);
202 * rpcauth_list_flavors - discover registered flavors and pseudoflavors
203 * @array: array to fill in
204 * @size: size of "array"
206 * Returns the number of array items filled in, or a negative errno.
208 * The returned array is not sorted by any policy. Callers should not
209 * rely on the order of the items in the returned array.
212 rpcauth_list_flavors(rpc_authflavor_t
*array
, int size
)
214 rpc_authflavor_t flavor
;
217 spin_lock(&rpc_authflavor_lock
);
218 for (flavor
= 0; flavor
< RPC_AUTH_MAXFLAVOR
; flavor
++) {
219 const struct rpc_authops
*ops
= auth_flavors
[flavor
];
220 rpc_authflavor_t pseudos
[4];
223 if (result
>= size
) {
230 if (ops
->list_pseudoflavors
== NULL
) {
231 array
[result
++] = ops
->au_flavor
;
234 len
= ops
->list_pseudoflavors(pseudos
, ARRAY_SIZE(pseudos
));
239 for (i
= 0; i
< len
; i
++) {
240 if (result
>= size
) {
244 array
[result
++] = pseudos
[i
];
247 spin_unlock(&rpc_authflavor_lock
);
249 dprintk("RPC: %s returns %d\n", __func__
, result
);
252 EXPORT_SYMBOL_GPL(rpcauth_list_flavors
);
255 rpcauth_create(struct rpc_auth_create_args
*args
, struct rpc_clnt
*clnt
)
257 struct rpc_auth
*auth
;
258 const struct rpc_authops
*ops
;
259 u32 flavor
= pseudoflavor_to_flavor(args
->pseudoflavor
);
261 auth
= ERR_PTR(-EINVAL
);
262 if (flavor
>= RPC_AUTH_MAXFLAVOR
)
265 if ((ops
= auth_flavors
[flavor
]) == NULL
)
266 request_module("rpc-auth-%u", flavor
);
267 spin_lock(&rpc_authflavor_lock
);
268 ops
= auth_flavors
[flavor
];
269 if (ops
== NULL
|| !try_module_get(ops
->owner
)) {
270 spin_unlock(&rpc_authflavor_lock
);
273 spin_unlock(&rpc_authflavor_lock
);
274 auth
= ops
->create(args
, clnt
);
275 module_put(ops
->owner
);
279 rpcauth_release(clnt
->cl_auth
);
280 clnt
->cl_auth
= auth
;
285 EXPORT_SYMBOL_GPL(rpcauth_create
);
288 rpcauth_release(struct rpc_auth
*auth
)
290 if (!atomic_dec_and_test(&auth
->au_count
))
292 auth
->au_ops
->destroy(auth
);
295 static DEFINE_SPINLOCK(rpc_credcache_lock
);
298 rpcauth_unhash_cred_locked(struct rpc_cred
*cred
)
300 hlist_del_rcu(&cred
->cr_hash
);
301 smp_mb__before_atomic();
302 clear_bit(RPCAUTH_CRED_HASHED
, &cred
->cr_flags
);
306 rpcauth_unhash_cred(struct rpc_cred
*cred
)
308 spinlock_t
*cache_lock
;
311 cache_lock
= &cred
->cr_auth
->au_credcache
->lock
;
312 spin_lock(cache_lock
);
313 ret
= atomic_read(&cred
->cr_count
) == 0;
315 rpcauth_unhash_cred_locked(cred
);
316 spin_unlock(cache_lock
);
321 * Initialize RPC credential cache
324 rpcauth_init_credcache(struct rpc_auth
*auth
)
326 struct rpc_cred_cache
*new;
327 unsigned int hashsize
;
329 new = kmalloc(sizeof(*new), GFP_KERNEL
);
332 new->hashbits
= auth_hashbits
;
333 hashsize
= 1U << new->hashbits
;
334 new->hashtable
= kcalloc(hashsize
, sizeof(new->hashtable
[0]), GFP_KERNEL
);
337 spin_lock_init(&new->lock
);
338 auth
->au_credcache
= new;
345 EXPORT_SYMBOL_GPL(rpcauth_init_credcache
);
348 * Setup a credential key lifetime timeout notification
351 rpcauth_key_timeout_notify(struct rpc_auth
*auth
, struct rpc_cred
*cred
)
353 if (!cred
->cr_auth
->au_ops
->key_timeout
)
355 return cred
->cr_auth
->au_ops
->key_timeout(auth
, cred
);
357 EXPORT_SYMBOL_GPL(rpcauth_key_timeout_notify
);
360 rpcauth_cred_key_to_expire(struct rpc_auth
*auth
, struct rpc_cred
*cred
)
362 if (auth
->au_flags
& RPCAUTH_AUTH_NO_CRKEY_TIMEOUT
)
364 if (!cred
->cr_ops
->crkey_to_expire
)
366 return cred
->cr_ops
->crkey_to_expire(cred
);
368 EXPORT_SYMBOL_GPL(rpcauth_cred_key_to_expire
);
371 rpcauth_stringify_acceptor(struct rpc_cred
*cred
)
373 if (!cred
->cr_ops
->crstringify_acceptor
)
375 return cred
->cr_ops
->crstringify_acceptor(cred
);
377 EXPORT_SYMBOL_GPL(rpcauth_stringify_acceptor
);
380 * Destroy a list of credentials
383 void rpcauth_destroy_credlist(struct list_head
*head
)
385 struct rpc_cred
*cred
;
387 while (!list_empty(head
)) {
388 cred
= list_entry(head
->next
, struct rpc_cred
, cr_lru
);
389 list_del_init(&cred
->cr_lru
);
395 * Clear the RPC credential cache, and delete those credentials
396 * that are not referenced.
399 rpcauth_clear_credcache(struct rpc_cred_cache
*cache
)
402 struct hlist_head
*head
;
403 struct rpc_cred
*cred
;
404 unsigned int hashsize
= 1U << cache
->hashbits
;
407 spin_lock(&rpc_credcache_lock
);
408 spin_lock(&cache
->lock
);
409 for (i
= 0; i
< hashsize
; i
++) {
410 head
= &cache
->hashtable
[i
];
411 while (!hlist_empty(head
)) {
412 cred
= hlist_entry(head
->first
, struct rpc_cred
, cr_hash
);
414 if (!list_empty(&cred
->cr_lru
)) {
415 list_del(&cred
->cr_lru
);
416 number_cred_unused
--;
418 list_add_tail(&cred
->cr_lru
, &free
);
419 rpcauth_unhash_cred_locked(cred
);
422 spin_unlock(&cache
->lock
);
423 spin_unlock(&rpc_credcache_lock
);
424 rpcauth_destroy_credlist(&free
);
428 * Destroy the RPC credential cache
431 rpcauth_destroy_credcache(struct rpc_auth
*auth
)
433 struct rpc_cred_cache
*cache
= auth
->au_credcache
;
436 auth
->au_credcache
= NULL
;
437 rpcauth_clear_credcache(cache
);
438 kfree(cache
->hashtable
);
442 EXPORT_SYMBOL_GPL(rpcauth_destroy_credcache
);
445 #define RPC_AUTH_EXPIRY_MORATORIUM (60 * HZ)
448 * Remove stale credentials. Avoid sleeping inside the loop.
451 rpcauth_prune_expired(struct list_head
*free
, int nr_to_scan
)
453 spinlock_t
*cache_lock
;
454 struct rpc_cred
*cred
, *next
;
455 unsigned long expired
= jiffies
- RPC_AUTH_EXPIRY_MORATORIUM
;
458 list_for_each_entry_safe(cred
, next
, &cred_unused
, cr_lru
) {
460 if (nr_to_scan
-- == 0)
463 * Enforce a 60 second garbage collection moratorium
464 * Note that the cred_unused list must be time-ordered.
466 if (time_in_range(cred
->cr_expire
, expired
, jiffies
) &&
467 test_bit(RPCAUTH_CRED_HASHED
, &cred
->cr_flags
) != 0) {
472 list_del_init(&cred
->cr_lru
);
473 number_cred_unused
--;
475 if (atomic_read(&cred
->cr_count
) != 0)
478 cache_lock
= &cred
->cr_auth
->au_credcache
->lock
;
479 spin_lock(cache_lock
);
480 if (atomic_read(&cred
->cr_count
) == 0) {
482 list_add_tail(&cred
->cr_lru
, free
);
483 rpcauth_unhash_cred_locked(cred
);
485 spin_unlock(cache_lock
);
491 rpcauth_cache_do_shrink(int nr_to_scan
)
496 spin_lock(&rpc_credcache_lock
);
497 freed
= rpcauth_prune_expired(&free
, nr_to_scan
);
498 spin_unlock(&rpc_credcache_lock
);
499 rpcauth_destroy_credlist(&free
);
505 * Run memory cache shrinker.
508 rpcauth_cache_shrink_scan(struct shrinker
*shrink
, struct shrink_control
*sc
)
511 if ((sc
->gfp_mask
& GFP_KERNEL
) != GFP_KERNEL
)
514 /* nothing left, don't come back */
515 if (list_empty(&cred_unused
))
518 return rpcauth_cache_do_shrink(sc
->nr_to_scan
);
522 rpcauth_cache_shrink_count(struct shrinker
*shrink
, struct shrink_control
*sc
)
525 return number_cred_unused
* sysctl_vfs_cache_pressure
/ 100;
529 rpcauth_cache_enforce_limit(void)
532 unsigned int nr_to_scan
;
534 if (number_cred_unused
<= auth_max_cred_cachesize
)
536 diff
= number_cred_unused
- auth_max_cred_cachesize
;
538 if (diff
< nr_to_scan
)
540 rpcauth_cache_do_shrink(nr_to_scan
);
544 * Look up a process' credentials in the authentication cache
547 rpcauth_lookup_credcache(struct rpc_auth
*auth
, struct auth_cred
* acred
,
548 int flags
, gfp_t gfp
)
551 struct rpc_cred_cache
*cache
= auth
->au_credcache
;
552 struct rpc_cred
*cred
= NULL
,
556 nr
= auth
->au_ops
->hash_cred(acred
, cache
->hashbits
);
559 hlist_for_each_entry_rcu(entry
, &cache
->hashtable
[nr
], cr_hash
) {
560 if (!entry
->cr_ops
->crmatch(acred
, entry
, flags
))
562 if (flags
& RPCAUTH_LOOKUP_RCU
) {
563 if (test_bit(RPCAUTH_CRED_HASHED
, &entry
->cr_flags
) &&
564 !test_bit(RPCAUTH_CRED_NEW
, &entry
->cr_flags
))
568 spin_lock(&cache
->lock
);
569 if (test_bit(RPCAUTH_CRED_HASHED
, &entry
->cr_flags
) == 0) {
570 spin_unlock(&cache
->lock
);
573 cred
= get_rpccred(entry
);
574 spin_unlock(&cache
->lock
);
582 if (flags
& RPCAUTH_LOOKUP_RCU
)
583 return ERR_PTR(-ECHILD
);
585 new = auth
->au_ops
->crcreate(auth
, acred
, flags
, gfp
);
591 spin_lock(&cache
->lock
);
592 hlist_for_each_entry(entry
, &cache
->hashtable
[nr
], cr_hash
) {
593 if (!entry
->cr_ops
->crmatch(acred
, entry
, flags
))
595 cred
= get_rpccred(entry
);
600 set_bit(RPCAUTH_CRED_HASHED
, &cred
->cr_flags
);
601 hlist_add_head_rcu(&cred
->cr_hash
, &cache
->hashtable
[nr
]);
603 list_add_tail(&new->cr_lru
, &free
);
604 spin_unlock(&cache
->lock
);
605 rpcauth_cache_enforce_limit();
607 if (test_bit(RPCAUTH_CRED_NEW
, &cred
->cr_flags
) &&
608 cred
->cr_ops
->cr_init
!= NULL
&&
609 !(flags
& RPCAUTH_LOOKUP_NEW
)) {
610 int res
= cred
->cr_ops
->cr_init(auth
, cred
);
616 rpcauth_destroy_credlist(&free
);
620 EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache
);
623 rpcauth_lookupcred(struct rpc_auth
*auth
, int flags
)
625 struct auth_cred acred
;
626 struct rpc_cred
*ret
;
627 const struct cred
*cred
= current_cred();
629 dprintk("RPC: looking up %s cred\n",
630 auth
->au_ops
->au_name
);
632 memset(&acred
, 0, sizeof(acred
));
633 acred
.uid
= cred
->fsuid
;
634 acred
.gid
= cred
->fsgid
;
635 acred
.group_info
= cred
->group_info
;
636 ret
= auth
->au_ops
->lookup_cred(auth
, &acred
, flags
);
639 EXPORT_SYMBOL_GPL(rpcauth_lookupcred
);
642 rpcauth_init_cred(struct rpc_cred
*cred
, const struct auth_cred
*acred
,
643 struct rpc_auth
*auth
, const struct rpc_credops
*ops
)
645 INIT_HLIST_NODE(&cred
->cr_hash
);
646 INIT_LIST_HEAD(&cred
->cr_lru
);
647 atomic_set(&cred
->cr_count
, 1);
648 cred
->cr_auth
= auth
;
650 cred
->cr_expire
= jiffies
;
651 cred
->cr_uid
= acred
->uid
;
653 EXPORT_SYMBOL_GPL(rpcauth_init_cred
);
656 rpcauth_generic_bind_cred(struct rpc_task
*task
, struct rpc_cred
*cred
, int lookupflags
)
658 dprintk("RPC: %5u holding %s cred %p\n", task
->tk_pid
,
659 cred
->cr_auth
->au_ops
->au_name
, cred
);
660 return get_rpccred(cred
);
662 EXPORT_SYMBOL_GPL(rpcauth_generic_bind_cred
);
664 static struct rpc_cred
*
665 rpcauth_bind_root_cred(struct rpc_task
*task
, int lookupflags
)
667 struct rpc_auth
*auth
= task
->tk_client
->cl_auth
;
668 struct auth_cred acred
= {
669 .uid
= GLOBAL_ROOT_UID
,
670 .gid
= GLOBAL_ROOT_GID
,
673 dprintk("RPC: %5u looking up %s cred\n",
674 task
->tk_pid
, task
->tk_client
->cl_auth
->au_ops
->au_name
);
675 return auth
->au_ops
->lookup_cred(auth
, &acred
, lookupflags
);
678 static struct rpc_cred
*
679 rpcauth_bind_new_cred(struct rpc_task
*task
, int lookupflags
)
681 struct rpc_auth
*auth
= task
->tk_client
->cl_auth
;
683 dprintk("RPC: %5u looking up %s cred\n",
684 task
->tk_pid
, auth
->au_ops
->au_name
);
685 return rpcauth_lookupcred(auth
, lookupflags
);
689 rpcauth_bindcred(struct rpc_task
*task
, struct rpc_cred
*cred
, int flags
)
691 struct rpc_rqst
*req
= task
->tk_rqstp
;
692 struct rpc_cred
*new;
695 if (flags
& RPC_TASK_ASYNC
)
696 lookupflags
|= RPCAUTH_LOOKUP_NEW
;
698 new = cred
->cr_ops
->crbind(task
, cred
, lookupflags
);
699 else if (flags
& RPC_TASK_ROOTCREDS
)
700 new = rpcauth_bind_root_cred(task
, lookupflags
);
702 new = rpcauth_bind_new_cred(task
, lookupflags
);
705 put_rpccred(req
->rq_cred
);
711 put_rpccred(struct rpc_cred
*cred
)
715 /* Fast path for unhashed credentials */
716 if (test_bit(RPCAUTH_CRED_HASHED
, &cred
->cr_flags
) == 0) {
717 if (atomic_dec_and_test(&cred
->cr_count
))
718 cred
->cr_ops
->crdestroy(cred
);
722 if (!atomic_dec_and_lock(&cred
->cr_count
, &rpc_credcache_lock
))
724 if (!list_empty(&cred
->cr_lru
)) {
725 number_cred_unused
--;
726 list_del_init(&cred
->cr_lru
);
728 if (test_bit(RPCAUTH_CRED_HASHED
, &cred
->cr_flags
) != 0) {
729 if (test_bit(RPCAUTH_CRED_UPTODATE
, &cred
->cr_flags
) != 0) {
730 cred
->cr_expire
= jiffies
;
731 list_add_tail(&cred
->cr_lru
, &cred_unused
);
732 number_cred_unused
++;
735 if (!rpcauth_unhash_cred(cred
)) {
736 /* We were hashed and someone looked us up... */
740 spin_unlock(&rpc_credcache_lock
);
741 cred
->cr_ops
->crdestroy(cred
);
744 spin_unlock(&rpc_credcache_lock
);
746 EXPORT_SYMBOL_GPL(put_rpccred
);
749 rpcauth_marshcred(struct rpc_task
*task
, __be32
*p
)
751 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
753 dprintk("RPC: %5u marshaling %s cred %p\n",
754 task
->tk_pid
, cred
->cr_auth
->au_ops
->au_name
, cred
);
756 return cred
->cr_ops
->crmarshal(task
, p
);
760 rpcauth_checkverf(struct rpc_task
*task
, __be32
*p
)
762 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
764 dprintk("RPC: %5u validating %s cred %p\n",
765 task
->tk_pid
, cred
->cr_auth
->au_ops
->au_name
, cred
);
767 return cred
->cr_ops
->crvalidate(task
, p
);
770 static void rpcauth_wrap_req_encode(kxdreproc_t encode
, struct rpc_rqst
*rqstp
,
771 __be32
*data
, void *obj
)
773 struct xdr_stream xdr
;
775 xdr_init_encode(&xdr
, &rqstp
->rq_snd_buf
, data
);
776 encode(rqstp
, &xdr
, obj
);
780 rpcauth_wrap_req(struct rpc_task
*task
, kxdreproc_t encode
, void *rqstp
,
781 __be32
*data
, void *obj
)
783 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
785 dprintk("RPC: %5u using %s cred %p to wrap rpc data\n",
786 task
->tk_pid
, cred
->cr_ops
->cr_name
, cred
);
787 if (cred
->cr_ops
->crwrap_req
)
788 return cred
->cr_ops
->crwrap_req(task
, encode
, rqstp
, data
, obj
);
789 /* By default, we encode the arguments normally. */
790 rpcauth_wrap_req_encode(encode
, rqstp
, data
, obj
);
795 rpcauth_unwrap_req_decode(kxdrdproc_t decode
, struct rpc_rqst
*rqstp
,
796 __be32
*data
, void *obj
)
798 struct xdr_stream xdr
;
800 xdr_init_decode(&xdr
, &rqstp
->rq_rcv_buf
, data
);
801 return decode(rqstp
, &xdr
, obj
);
805 rpcauth_unwrap_resp(struct rpc_task
*task
, kxdrdproc_t decode
, void *rqstp
,
806 __be32
*data
, void *obj
)
808 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
810 dprintk("RPC: %5u using %s cred %p to unwrap rpc data\n",
811 task
->tk_pid
, cred
->cr_ops
->cr_name
, cred
);
812 if (cred
->cr_ops
->crunwrap_resp
)
813 return cred
->cr_ops
->crunwrap_resp(task
, decode
, rqstp
,
815 /* By default, we decode the arguments normally. */
816 return rpcauth_unwrap_req_decode(decode
, rqstp
, data
, obj
);
820 rpcauth_refreshcred(struct rpc_task
*task
)
822 struct rpc_cred
*cred
;
825 cred
= task
->tk_rqstp
->rq_cred
;
827 err
= rpcauth_bindcred(task
, task
->tk_msg
.rpc_cred
, task
->tk_flags
);
830 cred
= task
->tk_rqstp
->rq_cred
;
832 dprintk("RPC: %5u refreshing %s cred %p\n",
833 task
->tk_pid
, cred
->cr_auth
->au_ops
->au_name
, cred
);
835 err
= cred
->cr_ops
->crrefresh(task
);
838 task
->tk_status
= err
;
843 rpcauth_invalcred(struct rpc_task
*task
)
845 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
847 dprintk("RPC: %5u invalidating %s cred %p\n",
848 task
->tk_pid
, cred
->cr_auth
->au_ops
->au_name
, cred
);
850 clear_bit(RPCAUTH_CRED_UPTODATE
, &cred
->cr_flags
);
854 rpcauth_uptodatecred(struct rpc_task
*task
)
856 struct rpc_cred
*cred
= task
->tk_rqstp
->rq_cred
;
858 return cred
== NULL
||
859 test_bit(RPCAUTH_CRED_UPTODATE
, &cred
->cr_flags
) != 0;
862 static struct shrinker rpc_cred_shrinker
= {
863 .count_objects
= rpcauth_cache_shrink_count
,
864 .scan_objects
= rpcauth_cache_shrink_scan
,
865 .seeks
= DEFAULT_SEEKS
,
868 int __init
rpcauth_init_module(void)
872 err
= rpc_init_authunix();
875 err
= rpc_init_generic_auth();
878 err
= register_shrinker(&rpc_cred_shrinker
);
883 rpc_destroy_generic_auth();
885 rpc_destroy_authunix();
890 void rpcauth_remove_module(void)
892 rpc_destroy_authunix();
893 rpc_destroy_generic_auth();
894 unregister_shrinker(&rpc_cred_shrinker
);