fs/nfsd/auth.c

   1 /* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
   2
   3 #include <linux/sched.h>
   4 #include "nfsd.h"
   5 #include "auth.h"
   6
   7 int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
   8 {
   9         struct exp_flavor_info *f;
  10         struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
  11
  12         for (f = exp->ex_flavors; f < end; f++) {
  13                 if (f->pseudoflavor == rqstp->rq_cred.cr_flavor)
  14                         return f->flags;
  15         }
  16         return exp->ex_flags;
  17
  18 }
  19
  20 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
  21 {
  22         struct group_info *rqgi;
  23         struct group_info *gi;
  24         struct cred *new;
  25         int i;
  26         int flags = nfsexp_flags(rqstp, exp);
  27
  28         validate_process_creds();
  29
  30         /* discard any old override before preparing the new set */
  31         revert_creds(get_cred(current_real_cred()));
  32         new = prepare_creds();
  33         if (!new)
  34                 return -ENOMEM;
  35
  36         new->fsuid = rqstp->rq_cred.cr_uid;
  37         new->fsgid = rqstp->rq_cred.cr_gid;
  38
  39         rqgi = rqstp->rq_cred.cr_group_info;
  40
  41         if (flags & NFSEXP_ALLSQUASH) {
  42                 new->fsuid = exp->ex_anon_uid;
  43                 new->fsgid = exp->ex_anon_gid;
  44                 gi = groups_alloc(0);
  45                 if (!gi)
  46                         goto oom;
  47         } else if (flags & NFSEXP_ROOTSQUASH) {
  48                 if (uid_eq(new->fsuid, GLOBAL_ROOT_UID))
  49                         new->fsuid = exp->ex_anon_uid;
  50                 if (gid_eq(new->fsgid, GLOBAL_ROOT_GID))
  51                         new->fsgid = exp->ex_anon_gid;
  52
  53                 gi = groups_alloc(rqgi->ngroups);
  54                 if (!gi)
  55                         goto oom;
  56
  57                 for (i = 0; i < rqgi->ngroups; i++) {
  58                         if (gid_eq(GLOBAL_ROOT_GID, GROUP_AT(rqgi, i)))
  59                                 GROUP_AT(gi, i) = exp->ex_anon_gid;
  60                         else
  61                                 GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
  62
  63                 }
  64
  65                 /* Each thread allocates its own gi, no race */
  66                 groups_sort(gi);
  67         } else {
  68                 gi = get_group_info(rqgi);
  69         }
  70
  71         if (uid_eq(new->fsuid, INVALID_UID))
  72                 new->fsuid = exp->ex_anon_uid;
  73         if (gid_eq(new->fsgid, INVALID_GID))
  74                 new->fsgid = exp->ex_anon_gid;
  75
  76         set_groups(new, gi);
  77         put_group_info(gi);
  78
  79         if (!uid_eq(new->fsuid, GLOBAL_ROOT_UID))
  80                 new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
  81         else
  82                 new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
  83                                                         new->cap_permitted);
  84         validate_process_creds();
  85         put_cred(override_creds(new));
  86         put_cred(new);
  87         validate_process_creds();
  88         return 0;
  89
  90 oom:
  91         abort_creds(new);
  92         return -ENOMEM;
  93 }
  94