[linux-2.6-block.git] / net / sunrpc / svcauth.c

/*
 * linux/net/sunrpc/svcauth.c
 *
 * The generic interface for RPC authentication on the server side.
 *
 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
 *
 * CHANGES
 * 19-Apr-2000 Chris Evans      - Security fix
 */

#include <linux/types.h>
#include <linux/module.h>
#include <linux/sunrpc/types.h>
#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/svcsock.h>
#include <linux/sunrpc/svcauth.h>
#include <linux/err.h>
#include <linux/hash.h>

#define RPCDBG_FACILITY	RPCDBG_AUTH


/*
 * Table of authenticators
 */
extern struct auth_ops svcauth_null;
extern struct auth_ops svcauth_unix;

static struct auth_ops __rcu *authtab[RPC_AUTH_MAXFLAVOR] = {
	[RPC_AUTH_NULL] = (struct auth_ops __force __rcu *)&svcauth_null,
	[RPC_AUTH_UNIX] = (struct auth_ops __force __rcu *)&svcauth_unix,
};

static struct auth_ops *
svc_get_auth_ops(rpc_authflavor_t flavor)
{
	struct auth_ops		*aops;

	if (flavor >= RPC_AUTH_MAXFLAVOR)
		return NULL;
	rcu_read_lock();
	aops = rcu_dereference(authtab[flavor]);
	if (aops != NULL && !try_module_get(aops->owner))
		aops = NULL;
	rcu_read_unlock();
	return aops;
}

static void
svc_put_auth_ops(struct auth_ops *aops)
{
	module_put(aops->owner);
}

int
svc_authenticate(struct svc_rqst *rqstp, __be32 *authp)
{
	rpc_authflavor_t	flavor;
	struct auth_ops		*aops;

	*authp = rpc_auth_ok;

	flavor = svc_getnl(&rqstp->rq_arg.head[0]);

	dprintk("svc: svc_authenticate (%d)\n", flavor);

	aops = svc_get_auth_ops(flavor);
	if (aops == NULL) {
		*authp = rpc_autherr_badcred;
		return SVC_DENIED;
	}

	rqstp->rq_auth_slack = 0;
	init_svc_cred(&rqstp->rq_cred);

	rqstp->rq_authop = aops;
	return aops->accept(rqstp, authp);
}
EXPORT_SYMBOL_GPL(svc_authenticate);

int svc_set_client(struct svc_rqst *rqstp)
{
	rqstp->rq_client = NULL;
	return rqstp->rq_authop->set_client(rqstp);
}
EXPORT_SYMBOL_GPL(svc_set_client);

/* A request, which was authenticated, has now executed.
 * Time to finalise the credentials and verifier
 * and release and resources
 */
int svc_authorise(struct svc_rqst *rqstp)
{
	struct auth_ops *aops = rqstp->rq_authop;
	int rv = 0;

	rqstp->rq_authop = NULL;

	if (aops) {
		rv = aops->release(rqstp);
		svc_put_auth_ops(aops);
	}
	return rv;
}

int
svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops)
{
	struct auth_ops *old;
	int rv = -EINVAL;

	if (flavor < RPC_AUTH_MAXFLAVOR) {
		old = cmpxchg((struct auth_ops ** __force)&authtab[flavor], NULL, aops);
		if (old == NULL || old == aops)
			rv = 0;
	}
	return rv;
}
EXPORT_SYMBOL_GPL(svc_auth_register);

void
svc_auth_unregister(rpc_authflavor_t flavor)
{
	if (flavor < RPC_AUTH_MAXFLAVOR)
		rcu_assign_pointer(authtab[flavor], NULL);
}
EXPORT_SYMBOL_GPL(svc_auth_unregister);

/**************************************************
 * 'auth_domains' are stored in a hash table indexed by name.
 * When the last reference to an 'auth_domain' is dropped,
 * the object is unhashed and freed.
 * If auth_domain_lookup fails to find an entry, it will return
 * it's second argument 'new'.  If this is non-null, it will
 * have been atomically linked into the table.
 */

#define	DN_HASHBITS	6
#define	DN_HASHMAX	(1<<DN_HASHBITS)

static struct hlist_head	auth_domain_table[DN_HASHMAX];
static DEFINE_SPINLOCK(auth_domain_lock);

static void auth_domain_release(struct kref *kref)
	__releases(&auth_domain_lock)
{
	struct auth_domain *dom = container_of(kref, struct auth_domain, ref);

	hlist_del_rcu(&dom->hash);
	dom->flavour->domain_release(dom);
	spin_unlock(&auth_domain_lock);
}

void auth_domain_put(struct auth_domain *dom)
{
	kref_put_lock(&dom->ref, auth_domain_release, &auth_domain_lock);
}
EXPORT_SYMBOL_GPL(auth_domain_put);

struct auth_domain *
auth_domain_lookup(char *name, struct auth_domain *new)
{
	struct auth_domain *hp;
	struct hlist_head *head;

	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];

	spin_lock(&auth_domain_lock);

	hlist_for_each_entry(hp, head, hash) {
		if (strcmp(hp->name, name)==0) {
			kref_get(&hp->ref);
			spin_unlock(&auth_domain_lock);
			return hp;
		}
	}
	if (new)
		hlist_add_head_rcu(&new->hash, head);
	spin_unlock(&auth_domain_lock);
	return new;
}
EXPORT_SYMBOL_GPL(auth_domain_lookup);

struct auth_domain *auth_domain_find(char *name)
{
	struct auth_domain *hp;
	struct hlist_head *head;

	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];

	rcu_read_lock();
	hlist_for_each_entry_rcu(hp, head, hash) {
		if (strcmp(hp->name, name)==0) {
			if (!kref_get_unless_zero(&hp->ref))
				hp = NULL;
			rcu_read_unlock();
			return hp;
		}
	}
	rcu_read_unlock();
	return NULL;
}
EXPORT_SYMBOL_GPL(auth_domain_find);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* linux/net/sunrpc/svcauth.c
	3	*
	4	* The generic interface for RPC authentication on the server side.
cca5172a	5	*
1da177e4 LT	6	* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
	7	*
	8	* CHANGES
	9	* 19-Apr-2000 Chris Evans - Security fix
	10	*/
	11
	12	#include <linux/types.h>
1da177e4 LT	13	#include <linux/module.h>
	14	#include <linux/sunrpc/types.h>
	15	#include <linux/sunrpc/xdr.h>
	16	#include <linux/sunrpc/svcsock.h>
	17	#include <linux/sunrpc/svcauth.h>
	18	#include <linux/err.h>
	19	#include <linux/hash.h>
	20
	21	#define RPCDBG_FACILITY RPCDBG_AUTH
	22
	23
	24	/*
	25	* Table of authenticators
	26	*/
	27	extern struct auth_ops svcauth_null;
	28	extern struct auth_ops svcauth_unix;
	29
30382d6c TM	30	static struct auth_ops __rcu *authtab[RPC_AUTH_MAXFLAVOR] = {
	31	[RPC_AUTH_NULL] = (struct auth_ops __force __rcu *)&svcauth_null,
	32	[RPC_AUTH_UNIX] = (struct auth_ops __force __rcu *)&svcauth_unix,
1da177e4 LT	33	};
1da177e4 LT	34
30382d6c TM	35	static struct auth_ops *
	36	svc_get_auth_ops(rpc_authflavor_t flavor)
	37	{
	38	struct auth_ops *aops;
	39
	40	if (flavor >= RPC_AUTH_MAXFLAVOR)
	41	return NULL;
	42	rcu_read_lock();
	43	aops = rcu_dereference(authtab[flavor]);
	44	if (aops != NULL && !try_module_get(aops->owner))
	45	aops = NULL;
	46	rcu_read_unlock();
	47	return aops;
	48	}
	49
	50	static void
	51	svc_put_auth_ops(struct auth_ops *aops)
	52	{
	53	module_put(aops->owner);
	54	}
	55
1da177e4	56	int
d8ed029d	57	svc_authenticate(struct svc_rqst rqstp, __be32 authp)
1da177e4 LT	58	{
	59	rpc_authflavor_t flavor;
	60	struct auth_ops *aops;
	61
	62	*authp = rpc_auth_ok;
	63
76994313	64	flavor = svc_getnl(&rqstp->rq_arg.head[0]);
1da177e4 LT	65
	66	dprintk("svc: svc_authenticate (%d)\n", flavor);
	67
30382d6c TM	68	aops = svc_get_auth_ops(flavor);
30382d6c TM	69	if (aops == NULL) {
1da177e4 LT	70	*authp = rpc_autherr_badcred;
	71	return SVC_DENIED;
	72	}
1da177e4	73
a5cddc88	74	rqstp->rq_auth_slack = 0;
6496500c	75	init_svc_cred(&rqstp->rq_cred);
a5cddc88	76
1da177e4 LT	77	rqstp->rq_authop = aops;
	78	return aops->accept(rqstp, authp);
	79	}
24c3767e	80	EXPORT_SYMBOL_GPL(svc_authenticate);
1da177e4 LT	81
	82	int svc_set_client(struct svc_rqst *rqstp)
	83	{
6496500c	84	rqstp->rq_client = NULL;
1da177e4 LT	85	return rqstp->rq_authop->set_client(rqstp);
1da177e4 LT	86	}
24c3767e	87	EXPORT_SYMBOL_GPL(svc_set_client);
1da177e4 LT	88
1da177e4 LT	89	/* A request, which was authenticated, has now executed.
59c51591	90	* Time to finalise the credentials and verifier
1da177e4 LT	91	* and release and resources
	92	*/
	93	int svc_authorise(struct svc_rqst *rqstp)
	94	{
	95	struct auth_ops *aops = rqstp->rq_authop;
	96	int rv = 0;
	97
	98	rqstp->rq_authop = NULL;
cca5172a	99
1da177e4 LT	100	if (aops) {
1da177e4 LT	101	rv = aops->release(rqstp);
30382d6c	102	svc_put_auth_ops(aops);
1da177e4 LT	103	}
	104	return rv;
	105	}
	106
	107	int
	108	svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops)
	109	{
30382d6c	110	struct auth_ops *old;
1da177e4	111	int rv = -EINVAL;
30382d6c TM	112
	113	if (flavor < RPC_AUTH_MAXFLAVOR) {
	114	old = cmpxchg((struct auth_ops ** __force)&authtab[flavor], NULL, aops);
	115	if (old == NULL \|\| old == aops)
	116	rv = 0;
1da177e4	117	}
1da177e4 LT	118	return rv;
1da177e4 LT	119	}
24c3767e	120	EXPORT_SYMBOL_GPL(svc_auth_register);
1da177e4 LT	121
	122	void
	123	svc_auth_unregister(rpc_authflavor_t flavor)
	124	{
1da177e4	125	if (flavor < RPC_AUTH_MAXFLAVOR)
30382d6c	126	rcu_assign_pointer(authtab[flavor], NULL);
1da177e4	127	}
24c3767e	128	EXPORT_SYMBOL_GPL(svc_auth_unregister);
1da177e4 LT	129
1da177e4 LT	130	/**************************************************
efc36aa5 N	131	* 'auth_domains' are stored in a hash table indexed by name.
	132	* When the last reference to an 'auth_domain' is dropped,
	133	* the object is unhashed and freed.
	134	* If auth_domain_lookup fails to find an entry, it will return
	135	* it's second argument 'new'. If this is non-null, it will
	136	* have been atomically linked into the table.
1da177e4 LT	137	*/
1da177e4 LT	138
1da177e4 LT	139	#define DN_HASHBITS 6
1da177e4 LT	140	#define DN_HASHMAX (1<<DN_HASHBITS)
1da177e4	141
efc36aa5	142	static struct hlist_head auth_domain_table[DN_HASHMAX];
3eb15f28	143	static DEFINE_SPINLOCK(auth_domain_lock);
1da177e4	144
0a13cd1a	145	static void auth_domain_release(struct kref *kref)
608a0ab2	146	__releases(&auth_domain_lock)
0a13cd1a PZ	147	{
	148	struct auth_domain *dom = container_of(kref, struct auth_domain, ref);
	149
608a0ab2	150	hlist_del_rcu(&dom->hash);
0a13cd1a PZ	151	dom->flavour->domain_release(dom);
	152	spin_unlock(&auth_domain_lock);
	153	}
	154
1da177e4 LT	155	void auth_domain_put(struct auth_domain *dom)
1da177e4 LT	156	{
0a13cd1a	157	kref_put_lock(&dom->ref, auth_domain_release, &auth_domain_lock);
1da177e4	158	}
24c3767e	159	EXPORT_SYMBOL_GPL(auth_domain_put);
1da177e4 LT	160
1da177e4 LT	161	struct auth_domain *
efc36aa5	162	auth_domain_lookup(char name, struct auth_domain new)
1da177e4	163	{
efc36aa5 N	164	struct auth_domain *hp;
efc36aa5 N	165	struct hlist_head *head;
efc36aa5 N	166
	167	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];
	168
	169	spin_lock(&auth_domain_lock);
	170
b67bfe0d	171	hlist_for_each_entry(hp, head, hash) {
efc36aa5 N	172	if (strcmp(hp->name, name)==0) {
	173	kref_get(&hp->ref);
	174	spin_unlock(&auth_domain_lock);
	175	return hp;
1da177e4	176	}
1da177e4	177	}
d6740df9	178	if (new)
608a0ab2	179	hlist_add_head_rcu(&new->hash, head);
efc36aa5 N	180	spin_unlock(&auth_domain_lock);
efc36aa5 N	181	return new;
1da177e4	182	}
24c3767e	183	EXPORT_SYMBOL_GPL(auth_domain_lookup);
1da177e4 LT	184
	185	struct auth_domain auth_domain_find(char name)
	186	{
608a0ab2 TM	187	struct auth_domain *hp;
	188	struct hlist_head *head;
	189
	190	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];
	191
	192	rcu_read_lock();
	193	hlist_for_each_entry_rcu(hp, head, hash) {
	194	if (strcmp(hp->name, name)==0) {
	195	if (!kref_get_unless_zero(&hp->ref))
	196	hp = NULL;
	197	rcu_read_unlock();
	198	return hp;
	199	}
	200	}
	201	rcu_read_unlock();
	202	return NULL;
1da177e4	203	}
24c3767e	204	EXPORT_SYMBOL_GPL(auth_domain_find);