URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [sunrpc/] [auth_unix.c] - Blame information for rev 1765

Details | Compare with Previous | View Log


/*
 * linux/net/sunrpc/rpcauth_unix.c
 *
 * UNIX-style authentication; no AUTH_SHORT support
 *
 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
 */
 
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/auth.h>
 
#define NFS_NGROUPS     16
struct unx_cred {
        struct rpc_cred         uc_base;
        uid_t                   uc_fsuid;
        gid_t                   uc_gid, uc_fsgid;
        gid_t                   uc_gids[NFS_NGROUPS];
};
#define uc_uid                  uc_base.cr_uid
#define uc_count                uc_base.cr_count
#define uc_flags                uc_base.cr_flags
#define uc_expire               uc_base.cr_expire
 
#define UNX_CRED_EXPIRE         (60 * HZ)
 
#define UNX_WRITESLACK          (21 + (UNX_MAXNODENAME >> 2))
 
#ifdef RPC_DEBUG
# define RPCDBG_FACILITY        RPCDBG_AUTH
#endif
 
static struct rpc_credops       unix_credops;
 
static struct rpc_auth *
unx_create(struct rpc_clnt *clnt)
{
        struct rpc_auth *auth;
 
        dprintk("RPC: creating UNIX authenticator for client %p\n", clnt);
        if (!(auth = (struct rpc_auth *) rpc_allocate(0, sizeof(*auth))))
                return NULL;
        auth->au_cslack = UNX_WRITESLACK;
        auth->au_rslack = 2;    /* assume AUTH_NULL verf */
        auth->au_expire = UNX_CRED_EXPIRE;
        auth->au_ops = &authunix_ops;
 
        rpcauth_init_credcache(auth);
 
        return auth;
}
 
static void
unx_destroy(struct rpc_auth *auth)
{
        dprintk("RPC: destroying UNIX authenticator %p\n", auth);
        rpcauth_free_credcache(auth);
        rpc_free(auth);
}
 
static struct rpc_cred *
unx_create_cred(int flags)
{
        struct unx_cred *cred;
        int             i;
 
        dprintk("RPC:      allocating UNIX cred for uid %d gid %d\n",
                                current->uid, current->gid);
 
        if (!(cred = (struct unx_cred *) rpc_allocate(flags, sizeof(*cred))))
                return NULL;
 
        atomic_set(&cred->uc_count, 0);
        cred->uc_flags = RPCAUTH_CRED_UPTODATE;
        if (flags & RPC_TASK_ROOTCREDS) {
                cred->uc_uid = cred->uc_fsuid = 0;
                cred->uc_gid = cred->uc_fsgid = 0;
                cred->uc_gids[0] = NOGROUP;
        } else {
                int groups = current->ngroups;
                if (groups > NFS_NGROUPS)
                        groups = NFS_NGROUPS;
 
                cred->uc_uid = current->uid;
                cred->uc_gid = current->gid;
                cred->uc_fsuid = current->fsuid;
                cred->uc_fsgid = current->fsgid;
                for (i = 0; i < groups; i++)
                        cred->uc_gids[i] = (gid_t) current->groups[i];
                if (i < NFS_NGROUPS)
                  cred->uc_gids[i] = NOGROUP;
        }
        cred->uc_base.cr_ops = &unix_credops;
 
        return (struct rpc_cred *) cred;
}
 
struct rpc_cred *
authunix_fake_cred(struct rpc_task *task, uid_t uid, gid_t gid)
{
        struct unx_cred *cred;
 
        dprintk("RPC:      allocating fake UNIX cred for uid %d gid %d\n",
                                uid, gid);
 
        if (!(cred = (struct unx_cred *) rpc_malloc(task, sizeof(*cred))))
                return NULL;
 
        atomic_set(&cred->uc_count, 1);
        cred->uc_flags = RPCAUTH_CRED_DEAD|RPCAUTH_CRED_UPTODATE;
        cred->uc_uid   = uid;
        cred->uc_gid   = gid;
        cred->uc_fsuid = uid;
        cred->uc_fsgid = gid;
        cred->uc_gids[0] = (gid_t) NOGROUP;
 
        return task->tk_msg.rpc_cred = (struct rpc_cred *) cred;
}
 
static void
unx_destroy_cred(struct rpc_cred *cred)
{
        rpc_free(cred);
}
 
/*
 * Match credentials against current process creds.
 * The root_override argument takes care of cases where the caller may
 * request root creds (e.g. for NFS swapping).
 */
static int
unx_match(struct rpc_cred *rcred, int taskflags)
{
        struct unx_cred *cred = (struct unx_cred *) rcred;
        int             i;
 
        if (!(taskflags & RPC_TASK_ROOTCREDS)) {
                int groups;
 
                if (cred->uc_uid != current->uid
                 || cred->uc_gid != current->gid
                 || cred->uc_fsuid != current->fsuid
                 || cred->uc_fsgid != current->fsgid)
                        return 0;
 
                groups = current->ngroups;
                if (groups > NFS_NGROUPS)
                        groups = NFS_NGROUPS;
                for (i = 0; i < groups ; i++)
                        if (cred->uc_gids[i] != (gid_t) current->groups[i])
                                return 0;
                return 1;
        }
        return (cred->uc_uid == 0 && cred->uc_fsuid == 0
             && cred->uc_gid == 0 && cred->uc_fsgid == 0
             && cred->uc_gids[0] == (gid_t) NOGROUP);
}
 
/*
 * Marshal credentials.
 * Maybe we should keep a cached credential for performance reasons.
 */
static u32 *
unx_marshal(struct rpc_task *task, u32 *p, int ruid)
{
        struct rpc_clnt *clnt = task->tk_client;
        struct unx_cred *cred = (struct unx_cred *) task->tk_msg.rpc_cred;
        u32             *base, *hold;
        int             i, n;
 
        *p++ = htonl(RPC_AUTH_UNIX);
        base = p++;
        *p++ = htonl(jiffies/HZ);
 
        /*
         * Copy the UTS nodename captured when the client was created.
         */
        n = clnt->cl_nodelen;
        *p++ = htonl(n);
        memcpy(p, clnt->cl_nodename, n);
        p += (n + 3) >> 2;
 
        /* Note: we don't use real uid if it involves raising priviledge */
        if (ruid && cred->uc_uid != 0 && cred->uc_gid != 0) {
                *p++ = htonl((u32) cred->uc_uid);
                *p++ = htonl((u32) cred->uc_gid);
        } else {
                *p++ = htonl((u32) cred->uc_fsuid);
                *p++ = htonl((u32) cred->uc_fsgid);
        }
        hold = p++;
        for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
                *p++ = htonl((u32) cred->uc_gids[i]);
        *hold = htonl(p - hold - 1);            /* gid array length */
        *base = htonl((p - base - 1) << 2);     /* cred length */
 
        *p++ = htonl(RPC_AUTH_NULL);
        *p++ = htonl(0);
 
        return p;
}
 
/*
 * Refresh credentials. This is a no-op for AUTH_UNIX
 */
static int
unx_refresh(struct rpc_task *task)
{
        task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;
        return task->tk_status = -EACCES;
}
 
static u32 *
unx_validate(struct rpc_task *task, u32 *p)
{
        u32             n = ntohl(*p++);
 
        if (n != RPC_AUTH_NULL && n != RPC_AUTH_UNIX && n != RPC_AUTH_SHORT) {
                printk("RPC: bad verf flavor: %ld\n", (unsigned long) n);
                return NULL;
        }
        if ((n = ntohl(*p++)) > 400) {
                printk("RPC: giant verf size: %ld\n", (unsigned long) n);
                return NULL;
        }
        task->tk_auth->au_rslack = (n >> 2) + 2;
        p += (n >> 2);
 
        return p;
}
 
struct rpc_authops      authunix_ops = {
        RPC_AUTH_UNIX,
#ifdef RPC_DEBUG
        "UNIX",
#endif
        unx_create,
        unx_destroy,
        unx_create_cred
};
 
static
struct rpc_credops      unix_credops = {
        unx_destroy_cred,
        unx_match,
        unx_marshal,
        unx_refresh,
        unx_validate
};

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [sunrpc/] [auth_unix.c] - Blame information for rev 1765

Line No.	Rev	Author	Line
1	1275	phoenix	`/*`
2			`* linux/net/sunrpc/rpcauth_unix.c`
3			`*`
4			`* UNIX-style authentication; no AUTH_SHORT support`
5			`*`
6			`* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>`
7			`*/`
8
9			`#include <linux/types.h>`
10			`#include <linux/slab.h>`
11			`#include <linux/socket.h>`
12			`#include <linux/in.h>`
13			`#include <linux/sunrpc/clnt.h>`
14			`#include <linux/sunrpc/auth.h>`
15
16			`#define NFS_NGROUPS 16`
17			`struct unx_cred {`
18			`struct rpc_cred uc_base;`
19			`uid_t uc_fsuid;`
20			`gid_t uc_gid, uc_fsgid;`
21			`gid_t uc_gids[NFS_NGROUPS];`
22			`};`
23			`#define uc_uid uc_base.cr_uid`
24			`#define uc_count uc_base.cr_count`
25			`#define uc_flags uc_base.cr_flags`
26			`#define uc_expire uc_base.cr_expire`
27
28			`#define UNX_CRED_EXPIRE (60 * HZ)`
29
30			`#define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))`
31
32			`#ifdef RPC_DEBUG`
33			`# define RPCDBG_FACILITY RPCDBG_AUTH`
34			`#endif`
35
36			`static struct rpc_credops unix_credops;`
37
38			`static struct rpc_auth *`
39			`unx_create(struct rpc_clnt *clnt)`
40			`{`
41			`struct rpc_auth *auth;`
42
43			`dprintk("RPC: creating UNIX authenticator for client %p\n", clnt);`
44			`if (!(auth = (struct rpc_auth ) rpc_allocate(0, sizeof(auth))))`
45			`return NULL;`
46			`auth->au_cslack = UNX_WRITESLACK;`
47			`auth->au_rslack = 2; /* assume AUTH_NULL verf */`
48			`auth->au_expire = UNX_CRED_EXPIRE;`
49			`auth->au_ops = &authunix_ops;`
50
51			`rpcauth_init_credcache(auth);`
52
53			`return auth;`
54			`}`
55
56			`static void`
57			`unx_destroy(struct rpc_auth *auth)`
58			`{`
59			`dprintk("RPC: destroying UNIX authenticator %p\n", auth);`
60			`rpcauth_free_credcache(auth);`
61			`rpc_free(auth);`
62			`}`
63
64			`static struct rpc_cred *`
65			`unx_create_cred(int flags)`
66			`{`
67			`struct unx_cred *cred;`
68			`int i;`
69
70			`dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",`
71			`current->uid, current->gid);`
72
73			`if (!(cred = (struct unx_cred ) rpc_allocate(flags, sizeof(cred))))`
74			`return NULL;`
75
76			`atomic_set(&cred->uc_count, 0);`
77			`cred->uc_flags = RPCAUTH_CRED_UPTODATE;`
78			`if (flags & RPC_TASK_ROOTCREDS) {`
79			`cred->uc_uid = cred->uc_fsuid = 0;`
80			`cred->uc_gid = cred->uc_fsgid = 0;`
81			`cred->uc_gids[0] = NOGROUP;`
82			`} else {`
83			`int groups = current->ngroups;`
84			`if (groups > NFS_NGROUPS)`
85			`groups = NFS_NGROUPS;`
86
87			`cred->uc_uid = current->uid;`
88			`cred->uc_gid = current->gid;`
89			`cred->uc_fsuid = current->fsuid;`
90			`cred->uc_fsgid = current->fsgid;`
91			`for (i = 0; i < groups; i++)`
92			`cred->uc_gids[i] = (gid_t) current->groups[i];`
93			`if (i < NFS_NGROUPS)`
94			`cred->uc_gids[i] = NOGROUP;`
95			`}`
96			`cred->uc_base.cr_ops = &unix_credops;`
97
98			`return (struct rpc_cred *) cred;`
99			`}`
100
101			`struct rpc_cred *`
102			`authunix_fake_cred(struct rpc_task *task, uid_t uid, gid_t gid)`
103			`{`
104			`struct unx_cred *cred;`
105
106			`dprintk("RPC: allocating fake UNIX cred for uid %d gid %d\n",`
107			`uid, gid);`
108
109			`if (!(cred = (struct unx_cred ) rpc_malloc(task, sizeof(cred))))`
110			`return NULL;`
111
112			`atomic_set(&cred->uc_count, 1);`
113			`cred->uc_flags = RPCAUTH_CRED_DEAD\|RPCAUTH_CRED_UPTODATE;`
114			`cred->uc_uid = uid;`
115			`cred->uc_gid = gid;`
116			`cred->uc_fsuid = uid;`
117			`cred->uc_fsgid = gid;`
118			`cred->uc_gids[0] = (gid_t) NOGROUP;`
119
120			`return task->tk_msg.rpc_cred = (struct rpc_cred *) cred;`
121			`}`
122
123			`static void`
124			`unx_destroy_cred(struct rpc_cred *cred)`
125			`{`
126			`rpc_free(cred);`
127			`}`
128
129			`/*`
130			`* Match credentials against current process creds.`
131			`* The root_override argument takes care of cases where the caller may`
132			`* request root creds (e.g. for NFS swapping).`
133			`*/`
134			`static int`
135			`unx_match(struct rpc_cred *rcred, int taskflags)`
136			`{`
137			`struct unx_cred cred = (struct unx_cred ) rcred;`
138			`int i;`
139
140			`if (!(taskflags & RPC_TASK_ROOTCREDS)) {`
141			`int groups;`
142
143			`if (cred->uc_uid != current->uid`
144			`\|\| cred->uc_gid != current->gid`
145			`\|\| cred->uc_fsuid != current->fsuid`
146			`\|\| cred->uc_fsgid != current->fsgid)`
147			`return 0;`
148
149			`groups = current->ngroups;`
150			`if (groups > NFS_NGROUPS)`
151			`groups = NFS_NGROUPS;`
152			`for (i = 0; i < groups ; i++)`
153			`if (cred->uc_gids[i] != (gid_t) current->groups[i])`
154			`return 0;`
155			`return 1;`
156			`}`
157			`return (cred->uc_uid == 0 && cred->uc_fsuid == 0`
158			`&& cred->uc_gid == 0 && cred->uc_fsgid == 0`
159			`&& cred->uc_gids[0] == (gid_t) NOGROUP);`
160			`}`
161
162			`/*`
163			`* Marshal credentials.`
164			`* Maybe we should keep a cached credential for performance reasons.`
165			`*/`
166			`static u32 *`
167			`unx_marshal(struct rpc_task task, u32 p, int ruid)`
168			`{`
169			`struct rpc_clnt *clnt = task->tk_client;`
170			`struct unx_cred cred = (struct unx_cred ) task->tk_msg.rpc_cred;`
171			`u32 base, hold;`
172			`int i, n;`
173
174			`*p++ = htonl(RPC_AUTH_UNIX);`
175			`base = p++;`
176			`*p++ = htonl(jiffies/HZ);`
177
178			`/*`
179			`* Copy the UTS nodename captured when the client was created.`
180			`*/`
181			`n = clnt->cl_nodelen;`
182			`*p++ = htonl(n);`
183			`memcpy(p, clnt->cl_nodename, n);`
184			`p += (n + 3) >> 2;`
185
186			`/* Note: we don't use real uid if it involves raising priviledge */`
187			`if (ruid && cred->uc_uid != 0 && cred->uc_gid != 0) {`
188			`*p++ = htonl((u32) cred->uc_uid);`
189			`*p++ = htonl((u32) cred->uc_gid);`
190			`} else {`
191			`*p++ = htonl((u32) cred->uc_fsuid);`
192			`*p++ = htonl((u32) cred->uc_fsgid);`
193			`}`
194			`hold = p++;`
195			`for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)`
196			`*p++ = htonl((u32) cred->uc_gids[i]);`
197			`hold = htonl(p - hold - 1); / gid array length */`
198			`base = htonl((p - base - 1) << 2); / cred length */`
199
200			`*p++ = htonl(RPC_AUTH_NULL);`
201			`*p++ = htonl(0);`
202
203			`return p;`
204			`}`
205
206			`/*`
207			`* Refresh credentials. This is a no-op for AUTH_UNIX`
208			`*/`
209			`static int`
210			`unx_refresh(struct rpc_task *task)`
211			`{`
212			`task->tk_msg.rpc_cred->cr_flags \|= RPCAUTH_CRED_UPTODATE;`
213			`return task->tk_status = -EACCES;`
214			`}`
215
216			`static u32 *`
217			`unx_validate(struct rpc_task task, u32 p)`
218			`{`
219			`u32 n = ntohl(*p++);`
220
221			`if (n != RPC_AUTH_NULL && n != RPC_AUTH_UNIX && n != RPC_AUTH_SHORT) {`
222			`printk("RPC: bad verf flavor: %ld\n", (unsigned long) n);`
223			`return NULL;`
224			`}`
225			`if ((n = ntohl(*p++)) > 400) {`
226			`printk("RPC: giant verf size: %ld\n", (unsigned long) n);`
227			`return NULL;`
228			`}`
229			`task->tk_auth->au_rslack = (n >> 2) + 2;`
230			`p += (n >> 2);`
231
232			`return p;`
233			`}`
234
235			`struct rpc_authops authunix_ops = {`
236			`RPC_AUTH_UNIX,`
237			`#ifdef RPC_DEBUG`
238			`"UNIX",`
239			`#endif`
240			`unx_create,`
241			`unx_destroy,`
242			`unx_create_cred`
243			`};`
244
245			`static`
246			`struct rpc_credops unix_credops = {`
247			`unx_destroy_cred,`
248			`unx_match,`
249			`unx_marshal,`
250			`unx_refresh,`
251			`unx_validate`
252			`};`