2 * linux/net/sunrpc/auth_unix.c
4 * UNIX-style authentication; no AUTH_SHORT support
6 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
9 #include <linux/types.h>
10 #include <linux/sched.h>
11 #include <linux/module.h>
12 #include <linux/sunrpc/clnt.h>
13 #include <linux/sunrpc/auth.h>
15 #define NFS_NGROUPS 16
18 struct rpc_cred uc_base
;
20 gid_t uc_gids
[NFS_NGROUPS
];
22 #define uc_uid uc_base.cr_uid
23 #define uc_count uc_base.cr_count
24 #define uc_flags uc_base.cr_flags
25 #define uc_expire uc_base.cr_expire
27 #define UNX_CRED_EXPIRE (60 * HZ)
29 #define UNX_WRITESLACK (21 + (UNX_MAXNODENAME >> 2))
32 # define RPCDBG_FACILITY RPCDBG_AUTH
35 static struct rpc_auth unix_auth
;
36 static struct rpc_cred_cache unix_cred_cache
;
37 static struct rpc_credops unix_credops
;
39 static struct rpc_auth
*
40 unx_create(struct rpc_clnt
*clnt
, rpc_authflavor_t flavor
)
42 dprintk("RPC: creating UNIX authenticator for client %p\n", clnt
);
43 if (atomic_inc_return(&unix_auth
.au_count
) == 0)
44 unix_cred_cache
.nextgc
= jiffies
+ (unix_cred_cache
.expire
>> 1);
49 unx_destroy(struct rpc_auth
*auth
)
51 dprintk("RPC: destroying UNIX authenticator %p\n", auth
);
52 rpcauth_free_credcache(auth
);
56 * Lookup AUTH_UNIX creds for current process
58 static struct rpc_cred
*
59 unx_lookup_cred(struct rpc_auth
*auth
, struct auth_cred
*acred
, int flags
)
61 return rpcauth_lookup_credcache(auth
, acred
, flags
);
64 static struct rpc_cred
*
65 unx_create_cred(struct rpc_auth
*auth
, struct auth_cred
*acred
, int flags
)
67 struct unx_cred
*cred
;
70 dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
71 acred
->uid
, acred
->gid
);
73 if (!(cred
= kmalloc(sizeof(*cred
), GFP_KERNEL
)))
74 return ERR_PTR(-ENOMEM
);
76 atomic_set(&cred
->uc_count
, 1);
77 cred
->uc_flags
= RPCAUTH_CRED_UPTODATE
;
78 if (flags
& RPCAUTH_LOOKUP_ROOTCREDS
) {
81 cred
->uc_gids
[0] = NOGROUP
;
83 int groups
= acred
->group_info
->ngroups
;
84 if (groups
> NFS_NGROUPS
)
87 cred
->uc_uid
= acred
->uid
;
88 cred
->uc_gid
= acred
->gid
;
89 for (i
= 0; i
< groups
; i
++)
90 cred
->uc_gids
[i
] = GROUP_AT(acred
->group_info
, i
);
92 cred
->uc_gids
[i
] = NOGROUP
;
94 cred
->uc_base
.cr_ops
= &unix_credops
;
96 return (struct rpc_cred
*) cred
;
100 unx_destroy_cred(struct rpc_cred
*cred
)
106 * Match credentials against current process creds.
107 * The root_override argument takes care of cases where the caller may
108 * request root creds (e.g. for NFS swapping).
111 unx_match(struct auth_cred
*acred
, struct rpc_cred
*rcred
, int flags
)
113 struct unx_cred
*cred
= (struct unx_cred
*) rcred
;
116 if (!(flags
& RPCAUTH_LOOKUP_ROOTCREDS
)) {
119 if (cred
->uc_uid
!= acred
->uid
120 || cred
->uc_gid
!= acred
->gid
)
123 groups
= acred
->group_info
->ngroups
;
124 if (groups
> NFS_NGROUPS
)
125 groups
= NFS_NGROUPS
;
126 for (i
= 0; i
< groups
; i
++)
127 if (cred
->uc_gids
[i
] != GROUP_AT(acred
->group_info
, i
))
131 return (cred
->uc_uid
== 0
133 && cred
->uc_gids
[0] == (gid_t
) NOGROUP
);
137 * Marshal credentials.
138 * Maybe we should keep a cached credential for performance reasons.
141 unx_marshal(struct rpc_task
*task
, u32
*p
)
143 struct rpc_clnt
*clnt
= task
->tk_client
;
144 struct unx_cred
*cred
= (struct unx_cred
*) task
->tk_msg
.rpc_cred
;
148 *p
++ = htonl(RPC_AUTH_UNIX
);
150 *p
++ = htonl(jiffies
/HZ
);
153 * Copy the UTS nodename captured when the client was created.
155 p
= xdr_encode_array(p
, clnt
->cl_nodename
, clnt
->cl_nodelen
);
157 *p
++ = htonl((u32
) cred
->uc_uid
);
158 *p
++ = htonl((u32
) cred
->uc_gid
);
160 for (i
= 0; i
< 16 && cred
->uc_gids
[i
] != (gid_t
) NOGROUP
; i
++)
161 *p
++ = htonl((u32
) cred
->uc_gids
[i
]);
162 *hold
= htonl(p
- hold
- 1); /* gid array length */
163 *base
= htonl((p
- base
- 1) << 2); /* cred length */
165 *p
++ = htonl(RPC_AUTH_NULL
);
172 * Refresh credentials. This is a no-op for AUTH_UNIX
175 unx_refresh(struct rpc_task
*task
)
177 task
->tk_msg
.rpc_cred
->cr_flags
|= RPCAUTH_CRED_UPTODATE
;
182 unx_validate(struct rpc_task
*task
, u32
*p
)
184 rpc_authflavor_t flavor
;
187 flavor
= ntohl(*p
++);
188 if (flavor
!= RPC_AUTH_NULL
&&
189 flavor
!= RPC_AUTH_UNIX
&&
190 flavor
!= RPC_AUTH_SHORT
) {
191 printk("RPC: bad verf flavor: %u\n", flavor
);
196 if (size
> RPC_MAX_AUTH_SIZE
) {
197 printk("RPC: giant verf size: %u\n", size
);
200 task
->tk_auth
->au_rslack
= (size
>> 2) + 2;
206 struct rpc_authops authunix_ops
= {
207 .owner
= THIS_MODULE
,
208 .au_flavor
= RPC_AUTH_UNIX
,
212 .create
= unx_create
,
213 .destroy
= unx_destroy
,
214 .lookup_cred
= unx_lookup_cred
,
215 .crcreate
= unx_create_cred
,
219 struct rpc_cred_cache unix_cred_cache
= {
220 .expire
= UNX_CRED_EXPIRE
,
224 struct rpc_auth unix_auth
= {
225 .au_cslack
= UNX_WRITESLACK
,
226 .au_rslack
= 2, /* assume AUTH_NULL verf */
227 .au_ops
= &authunix_ops
,
228 .au_count
= ATOMIC_INIT(0),
229 .au_credcache
= &unix_cred_cache
,
233 struct rpc_credops unix_credops
= {
234 .cr_name
= "AUTH_UNIX",
235 .crdestroy
= unx_destroy_cred
,
236 .crmatch
= unx_match
,
237 .crmarshal
= unx_marshal
,
238 .crrefresh
= unx_refresh
,
239 .crvalidate
= unx_validate
,