2 * linux/net/sunrpc/svcauth.c
4 * The generic interface for RPC authentication on the server side.
6 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
9 * 19-Apr-2000 Chris Evans - Security fix
12 #include <linux/types.h>
13 #include <linux/sched.h>
14 #include <linux/module.h>
15 #include <linux/sunrpc/types.h>
16 #include <linux/sunrpc/xdr.h>
17 #include <linux/sunrpc/svcsock.h>
18 #include <linux/sunrpc/svcauth.h>
19 #include <linux/err.h>
20 #include <linux/hash.h>
22 #define RPCDBG_FACILITY RPCDBG_AUTH
26 * Table of authenticators
28 extern struct auth_ops svcauth_null
;
29 extern struct auth_ops svcauth_unix
;
31 static DEFINE_SPINLOCK(authtab_lock
);
32 static struct auth_ops
*authtab
[RPC_AUTH_MAXFLAVOR
] = {
38 svc_authenticate(struct svc_rqst
*rqstp
, u32
*authp
)
40 rpc_authflavor_t flavor
;
41 struct auth_ops
*aops
;
45 flavor
= ntohl(svc_getu32(&rqstp
->rq_arg
.head
[0]));
47 dprintk("svc: svc_authenticate (%d)\n", flavor
);
49 spin_lock(&authtab_lock
);
50 if (flavor
>= RPC_AUTH_MAXFLAVOR
|| !(aops
= authtab
[flavor
])
51 || !try_module_get(aops
->owner
)) {
52 spin_unlock(&authtab_lock
);
53 *authp
= rpc_autherr_badcred
;
56 spin_unlock(&authtab_lock
);
58 rqstp
->rq_authop
= aops
;
59 return aops
->accept(rqstp
, authp
);
62 int svc_set_client(struct svc_rqst
*rqstp
)
64 return rqstp
->rq_authop
->set_client(rqstp
);
67 /* A request, which was authenticated, has now executed.
68 * Time to finalise the the credentials and verifier
69 * and release and resources
71 int svc_authorise(struct svc_rqst
*rqstp
)
73 struct auth_ops
*aops
= rqstp
->rq_authop
;
76 rqstp
->rq_authop
= NULL
;
79 rv
= aops
->release(rqstp
);
80 module_put(aops
->owner
);
86 svc_auth_register(rpc_authflavor_t flavor
, struct auth_ops
*aops
)
89 spin_lock(&authtab_lock
);
90 if (flavor
< RPC_AUTH_MAXFLAVOR
&& authtab
[flavor
] == NULL
) {
91 authtab
[flavor
] = aops
;
94 spin_unlock(&authtab_lock
);
99 svc_auth_unregister(rpc_authflavor_t flavor
)
101 spin_lock(&authtab_lock
);
102 if (flavor
< RPC_AUTH_MAXFLAVOR
)
103 authtab
[flavor
] = NULL
;
104 spin_unlock(&authtab_lock
);
106 EXPORT_SYMBOL(svc_auth_unregister
);
108 /**************************************************
109 * cache for domain name to auth_domain
110 * Entries are only added by flavours which will normally
111 * have a structure that 'inherits' from auth_domain.
112 * e.g. when an IP -> domainname is given to auth_unix,
113 * and the domain name doesn't exist, it will create a
114 * auth_unix_domain and add it to this hash table.
115 * If it finds the name does exist, but isn't AUTH_UNIX,
120 * Auth auth_domain cache is somewhat different to other caches,
121 * largely because the entries are possibly of different types:
122 * each auth flavour has it's own type.
123 * One consequence of this that DefineCacheLookup cannot
124 * allocate a new structure as it cannot know the size.
125 * Notice that the "INIT" code fragment is quite different
126 * from other caches. When auth_domain_lookup might be
127 * creating a new domain, the new domain is passed in
128 * complete and it is used as-is rather than being copied into
131 #define DN_HASHBITS 6
132 #define DN_HASHMAX (1<<DN_HASHBITS)
133 #define DN_HASHMASK (DN_HASHMAX-1)
135 static struct cache_head
*auth_domain_table
[DN_HASHMAX
];
137 static void auth_domain_drop(struct cache_head
*item
, struct cache_detail
*cd
)
139 struct auth_domain
*dom
= container_of(item
, struct auth_domain
, h
);
140 if (cache_put(item
,cd
))
141 authtab
[dom
->flavour
]->domain_release(dom
);
145 struct cache_detail auth_domain_cache
= {
146 .hash_size
= DN_HASHMAX
,
147 .hash_table
= auth_domain_table
,
148 .name
= "auth.domain",
149 .cache_put
= auth_domain_drop
,
152 void auth_domain_put(struct auth_domain
*dom
)
154 auth_domain_drop(&dom
->h
, &auth_domain_cache
);
157 static inline int auth_domain_hash(struct auth_domain
*item
)
159 return hash_str(item
->name
, DN_HASHBITS
);
161 static inline int auth_domain_match(struct auth_domain
*tmp
, struct auth_domain
*item
)
163 return strcmp(tmp
->name
, item
->name
) == 0;
167 auth_domain_lookup(struct auth_domain
*item
, int set
)
169 struct auth_domain
*tmp
= NULL
;
170 struct cache_head
**hp
, **head
;
171 head
= &auth_domain_cache
.hash_table
[auth_domain_hash(item
)];
174 write_lock(&auth_domain_cache
.hash_lock
);
176 read_lock(&auth_domain_cache
.hash_lock
);
177 for (hp
=head
; *hp
!= NULL
; hp
= &tmp
->h
.next
) {
178 tmp
= container_of(*hp
, struct auth_domain
, h
);
179 if (!auth_domain_match(tmp
, item
))
187 auth_domain_drop(&tmp
->h
, &auth_domain_cache
);
190 /* Didn't find anything */
193 auth_domain_cache
.entries
++;
195 item
->h
.next
= *head
;
198 write_unlock(&auth_domain_cache
.hash_lock
);
199 cache_fresh(&auth_domain_cache
, &item
->h
, item
->h
.expiry_time
);
205 read_unlock(&auth_domain_cache
.hash_lock
);
209 struct auth_domain
*auth_domain_find(char *name
)
211 struct auth_domain
*rv
, ad
;
214 rv
= auth_domain_lookup(&ad
, 0);