xref: /openbmc/linux/fs/nfsd/auth.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  * linux/fs/nfsd/auth.c
3  *
4  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
5  */
6 
7 #include <linux/types.h>
8 #include <linux/sched.h>
9 #include <linux/sunrpc/svc.h>
10 #include <linux/sunrpc/svcauth.h>
11 #include <linux/nfsd/nfsd.h>
12 
13 #define	CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
14 
15 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
16 {
17 	struct svc_cred	cred = rqstp->rq_cred;
18 	int i;
19 	int ret;
20 
21 	if (exp->ex_flags & NFSEXP_ALLSQUASH) {
22 		cred.cr_uid = exp->ex_anon_uid;
23 		cred.cr_gid = exp->ex_anon_gid;
24 		cred.cr_group_info = groups_alloc(0);
25 	} else if (exp->ex_flags & NFSEXP_ROOTSQUASH) {
26 		struct group_info *gi;
27 		if (!cred.cr_uid)
28 			cred.cr_uid = exp->ex_anon_uid;
29 		if (!cred.cr_gid)
30 			cred.cr_gid = exp->ex_anon_gid;
31 		gi = groups_alloc(cred.cr_group_info->ngroups);
32 		if (gi)
33 			for (i = 0; i < cred.cr_group_info->ngroups; i++) {
34 				if (!GROUP_AT(cred.cr_group_info, i))
35 					GROUP_AT(gi, i) = exp->ex_anon_gid;
36 				else
37 					GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
38 			}
39 		cred.cr_group_info = gi;
40 	} else
41 		get_group_info(cred.cr_group_info);
42 
43 	if (cred.cr_uid != (uid_t) -1)
44 		current->fsuid = cred.cr_uid;
45 	else
46 		current->fsuid = exp->ex_anon_uid;
47 	if (cred.cr_gid != (gid_t) -1)
48 		current->fsgid = cred.cr_gid;
49 	else
50 		current->fsgid = exp->ex_anon_gid;
51 
52 	if (!cred.cr_group_info)
53 		return -ENOMEM;
54 	ret = set_current_groups(cred.cr_group_info);
55 	put_group_info(cred.cr_group_info);
56 	if ((cred.cr_uid)) {
57 		cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
58 	} else {
59 		cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
60 						  current->cap_permitted);
61 	}
62 	return ret;
63 }
64