1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/net/sunrpc/svcauth.c
5 * The generic interface for RPC authentication on the server side.
7 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
10 * 19-Apr-2000 Chris Evans - Security fix
13 #include <linux/types.h>
14 #include <linux/module.h>
15 #include <linux/sunrpc/types.h>
16 #include <linux/sunrpc/xdr.h>
17 #include <linux/sunrpc/svcsock.h>
18 #include <linux/sunrpc/svcauth.h>
19 #include <linux/err.h>
20 #include <linux/hash.h>
22 #define RPCDBG_FACILITY RPCDBG_AUTH
26 * Table of authenticators
28 extern struct auth_ops svcauth_null
;
29 extern struct auth_ops svcauth_unix
;
31 static struct auth_ops __rcu
*authtab
[RPC_AUTH_MAXFLAVOR
] = {
32 [RPC_AUTH_NULL
] = (struct auth_ops __force __rcu
*)&svcauth_null
,
33 [RPC_AUTH_UNIX
] = (struct auth_ops __force __rcu
*)&svcauth_unix
,
36 static struct auth_ops
*
37 svc_get_auth_ops(rpc_authflavor_t flavor
)
39 struct auth_ops
*aops
;
41 if (flavor
>= RPC_AUTH_MAXFLAVOR
)
44 aops
= rcu_dereference(authtab
[flavor
]);
45 if (aops
!= NULL
&& !try_module_get(aops
->owner
))
52 svc_put_auth_ops(struct auth_ops
*aops
)
54 module_put(aops
->owner
);
58 svc_authenticate(struct svc_rqst
*rqstp
, __be32
*authp
)
60 rpc_authflavor_t flavor
;
61 struct auth_ops
*aops
;
65 flavor
= svc_getnl(&rqstp
->rq_arg
.head
[0]);
67 dprintk("svc: svc_authenticate (%d)\n", flavor
);
69 aops
= svc_get_auth_ops(flavor
);
71 *authp
= rpc_autherr_badcred
;
75 rqstp
->rq_auth_slack
= 0;
76 init_svc_cred(&rqstp
->rq_cred
);
78 rqstp
->rq_authop
= aops
;
79 return aops
->accept(rqstp
, authp
);
81 EXPORT_SYMBOL_GPL(svc_authenticate
);
83 int svc_set_client(struct svc_rqst
*rqstp
)
85 rqstp
->rq_client
= NULL
;
86 return rqstp
->rq_authop
->set_client(rqstp
);
88 EXPORT_SYMBOL_GPL(svc_set_client
);
90 /* A request, which was authenticated, has now executed.
91 * Time to finalise the credentials and verifier
92 * and release and resources
94 int svc_authorise(struct svc_rqst
*rqstp
)
96 struct auth_ops
*aops
= rqstp
->rq_authop
;
99 rqstp
->rq_authop
= NULL
;
102 rv
= aops
->release(rqstp
);
103 svc_put_auth_ops(aops
);
109 svc_auth_register(rpc_authflavor_t flavor
, struct auth_ops
*aops
)
111 struct auth_ops
*old
;
114 if (flavor
< RPC_AUTH_MAXFLAVOR
) {
115 old
= cmpxchg((struct auth_ops
** __force
)&authtab
[flavor
], NULL
, aops
);
116 if (old
== NULL
|| old
== aops
)
121 EXPORT_SYMBOL_GPL(svc_auth_register
);
124 svc_auth_unregister(rpc_authflavor_t flavor
)
126 if (flavor
< RPC_AUTH_MAXFLAVOR
)
127 rcu_assign_pointer(authtab
[flavor
], NULL
);
129 EXPORT_SYMBOL_GPL(svc_auth_unregister
);
131 /**************************************************
132 * 'auth_domains' are stored in a hash table indexed by name.
133 * When the last reference to an 'auth_domain' is dropped,
134 * the object is unhashed and freed.
135 * If auth_domain_lookup fails to find an entry, it will return
136 * it's second argument 'new'. If this is non-null, it will
137 * have been atomically linked into the table.
140 #define DN_HASHBITS 6
141 #define DN_HASHMAX (1<<DN_HASHBITS)
143 static struct hlist_head auth_domain_table
[DN_HASHMAX
];
144 static DEFINE_SPINLOCK(auth_domain_lock
);
146 static void auth_domain_release(struct kref
*kref
)
147 __releases(&auth_domain_lock
)
149 struct auth_domain
*dom
= container_of(kref
, struct auth_domain
, ref
);
151 hlist_del_rcu(&dom
->hash
);
152 dom
->flavour
->domain_release(dom
);
153 spin_unlock(&auth_domain_lock
);
156 void auth_domain_put(struct auth_domain
*dom
)
158 kref_put_lock(&dom
->ref
, auth_domain_release
, &auth_domain_lock
);
160 EXPORT_SYMBOL_GPL(auth_domain_put
);
163 auth_domain_lookup(char *name
, struct auth_domain
*new)
165 struct auth_domain
*hp
;
166 struct hlist_head
*head
;
168 head
= &auth_domain_table
[hash_str(name
, DN_HASHBITS
)];
170 spin_lock(&auth_domain_lock
);
172 hlist_for_each_entry(hp
, head
, hash
) {
173 if (strcmp(hp
->name
, name
)==0) {
175 spin_unlock(&auth_domain_lock
);
180 hlist_add_head_rcu(&new->hash
, head
);
181 spin_unlock(&auth_domain_lock
);
184 EXPORT_SYMBOL_GPL(auth_domain_lookup
);
186 struct auth_domain
*auth_domain_find(char *name
)
188 struct auth_domain
*hp
;
189 struct hlist_head
*head
;
191 head
= &auth_domain_table
[hash_str(name
, DN_HASHBITS
)];
194 hlist_for_each_entry_rcu(hp
, head
, hash
) {
195 if (strcmp(hp
->name
, name
)==0) {
196 if (!kref_get_unless_zero(&hp
->ref
))
205 EXPORT_SYMBOL_GPL(auth_domain_find
);