1 /* 2 * linux/net/sunrpc/auth_unix.c 3 * 4 * UNIX-style authentication; no AUTH_SHORT support 5 * 6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de> 7 */ 8 9 #include <linux/types.h> 10 #include <linux/sched.h> 11 #include <linux/module.h> 12 #include <linux/socket.h> 13 #include <linux/in.h> 14 #include <linux/sunrpc/clnt.h> 15 #include <linux/sunrpc/auth.h> 16 17 #define NFS_NGROUPS 16 18 19 struct unx_cred { 20 struct rpc_cred uc_base; 21 gid_t uc_gid; 22 gid_t uc_gids[NFS_NGROUPS]; 23 }; 24 #define uc_uid uc_base.cr_uid 25 #define uc_count uc_base.cr_count 26 #define uc_flags uc_base.cr_flags 27 #define uc_expire uc_base.cr_expire 28 29 #define UNX_CRED_EXPIRE (60 * HZ) 30 31 #define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2)) 32 33 #ifdef RPC_DEBUG 34 # define RPCDBG_FACILITY RPCDBG_AUTH 35 #endif 36 37 static struct rpc_auth unix_auth; 38 static struct rpc_cred_cache unix_cred_cache; 39 static struct rpc_credops unix_credops; 40 41 static struct rpc_auth * 42 unx_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor) 43 { 44 dprintk("RPC: creating UNIX authenticator for client %p\n", clnt); 45 if (atomic_inc_return(&unix_auth.au_count) == 0) 46 unix_cred_cache.nextgc = jiffies + (unix_cred_cache.expire >> 1); 47 return &unix_auth; 48 } 49 50 static void 51 unx_destroy(struct rpc_auth *auth) 52 { 53 dprintk("RPC: destroying UNIX authenticator %p\n", auth); 54 rpcauth_free_credcache(auth); 55 } 56 57 /* 58 * Lookup AUTH_UNIX creds for current process 59 */ 60 static struct rpc_cred * 61 unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) 62 { 63 return rpcauth_lookup_credcache(auth, acred, flags); 64 } 65 66 static struct rpc_cred * 67 unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) 68 { 69 struct unx_cred *cred; 70 int i; 71 72 dprintk("RPC: allocating UNIX cred for uid %d gid %d\n", 73 acred->uid, acred->gid); 74 75 if (!(cred = (struct unx_cred *) kmalloc(sizeof(*cred), GFP_KERNEL))) 76 return ERR_PTR(-ENOMEM); 77 78 atomic_set(&cred->uc_count, 1); 79 cred->uc_flags = RPCAUTH_CRED_UPTODATE; 80 if (flags & RPC_TASK_ROOTCREDS) { 81 cred->uc_uid = 0; 82 cred->uc_gid = 0; 83 cred->uc_gids[0] = NOGROUP; 84 } else { 85 int groups = acred->group_info->ngroups; 86 if (groups > NFS_NGROUPS) 87 groups = NFS_NGROUPS; 88 89 cred->uc_uid = acred->uid; 90 cred->uc_gid = acred->gid; 91 for (i = 0; i < groups; i++) 92 cred->uc_gids[i] = GROUP_AT(acred->group_info, i); 93 if (i < NFS_NGROUPS) 94 cred->uc_gids[i] = NOGROUP; 95 } 96 cred->uc_base.cr_ops = &unix_credops; 97 98 return (struct rpc_cred *) cred; 99 } 100 101 static void 102 unx_destroy_cred(struct rpc_cred *cred) 103 { 104 kfree(cred); 105 } 106 107 /* 108 * Match credentials against current process creds. 109 * The root_override argument takes care of cases where the caller may 110 * request root creds (e.g. for NFS swapping). 111 */ 112 static int 113 unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int taskflags) 114 { 115 struct unx_cred *cred = (struct unx_cred *) rcred; 116 int i; 117 118 if (!(taskflags & RPC_TASK_ROOTCREDS)) { 119 int groups; 120 121 if (cred->uc_uid != acred->uid 122 || cred->uc_gid != acred->gid) 123 return 0; 124 125 groups = acred->group_info->ngroups; 126 if (groups > NFS_NGROUPS) 127 groups = NFS_NGROUPS; 128 for (i = 0; i < groups ; i++) 129 if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) 130 return 0; 131 return 1; 132 } 133 return (cred->uc_uid == 0 134 && cred->uc_gid == 0 135 && cred->uc_gids[0] == (gid_t) NOGROUP); 136 } 137 138 /* 139 * Marshal credentials. 140 * Maybe we should keep a cached credential for performance reasons. 141 */ 142 static u32 * 143 unx_marshal(struct rpc_task *task, u32 *p) 144 { 145 struct rpc_clnt *clnt = task->tk_client; 146 struct unx_cred *cred = (struct unx_cred *) task->tk_msg.rpc_cred; 147 u32 *base, *hold; 148 int i; 149 150 *p++ = htonl(RPC_AUTH_UNIX); 151 base = p++; 152 *p++ = htonl(jiffies/HZ); 153 154 /* 155 * Copy the UTS nodename captured when the client was created. 156 */ 157 p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen); 158 159 *p++ = htonl((u32) cred->uc_uid); 160 *p++ = htonl((u32) cred->uc_gid); 161 hold = p++; 162 for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++) 163 *p++ = htonl((u32) cred->uc_gids[i]); 164 *hold = htonl(p - hold - 1); /* gid array length */ 165 *base = htonl((p - base - 1) << 2); /* cred length */ 166 167 *p++ = htonl(RPC_AUTH_NULL); 168 *p++ = htonl(0); 169 170 return p; 171 } 172 173 /* 174 * Refresh credentials. This is a no-op for AUTH_UNIX 175 */ 176 static int 177 unx_refresh(struct rpc_task *task) 178 { 179 task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE; 180 return 0; 181 } 182 183 static u32 * 184 unx_validate(struct rpc_task *task, u32 *p) 185 { 186 rpc_authflavor_t flavor; 187 u32 size; 188 189 flavor = ntohl(*p++); 190 if (flavor != RPC_AUTH_NULL && 191 flavor != RPC_AUTH_UNIX && 192 flavor != RPC_AUTH_SHORT) { 193 printk("RPC: bad verf flavor: %u\n", flavor); 194 return NULL; 195 } 196 197 size = ntohl(*p++); 198 if (size > RPC_MAX_AUTH_SIZE) { 199 printk("RPC: giant verf size: %u\n", size); 200 return NULL; 201 } 202 task->tk_auth->au_rslack = (size >> 2) + 2; 203 p += (size >> 2); 204 205 return p; 206 } 207 208 struct rpc_authops authunix_ops = { 209 .owner = THIS_MODULE, 210 .au_flavor = RPC_AUTH_UNIX, 211 #ifdef RPC_DEBUG 212 .au_name = "UNIX", 213 #endif 214 .create = unx_create, 215 .destroy = unx_destroy, 216 .lookup_cred = unx_lookup_cred, 217 .crcreate = unx_create_cred, 218 }; 219 220 static 221 struct rpc_cred_cache unix_cred_cache = { 222 .expire = UNX_CRED_EXPIRE, 223 }; 224 225 static 226 struct rpc_auth unix_auth = { 227 .au_cslack = UNX_WRITESLACK, 228 .au_rslack = 2, /* assume AUTH_NULL verf */ 229 .au_ops = &authunix_ops, 230 .au_count = ATOMIC_INIT(0), 231 .au_credcache = &unix_cred_cache, 232 }; 233 234 static 235 struct rpc_credops unix_credops = { 236 .cr_name = "AUTH_UNIX", 237 .crdestroy = unx_destroy_cred, 238 .crmatch = unx_match, 239 .crmarshal = unx_marshal, 240 .crrefresh = unx_refresh, 241 .crvalidate = unx_validate, 242 }; 243