Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * linux/net/sunrpc/svcauth.c | |
3 | * | |
4 | * The generic interface for RPC authentication on the server side. | |
cca5172a | 5 | * |
1da177e4 LT |
6 | * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> |
7 | * | |
8 | * CHANGES | |
9 | * 19-Apr-2000 Chris Evans - Security fix | |
10 | */ | |
11 | ||
12 | #include <linux/types.h> | |
1da177e4 LT |
13 | #include <linux/module.h> |
14 | #include <linux/sunrpc/types.h> | |
15 | #include <linux/sunrpc/xdr.h> | |
16 | #include <linux/sunrpc/svcsock.h> | |
17 | #include <linux/sunrpc/svcauth.h> | |
18 | #include <linux/err.h> | |
19 | #include <linux/hash.h> | |
20 | ||
#define RPCDBG_FACILITY	RPCDBG_AUTH

/*
 * Authenticator table, indexed by RPC authentication flavor.
 *
 * Only AUTH_NULL and AUTH_UNIX are populated at build time; any other
 * flavor has to be installed through svc_auth_register().  A slot that
 * was never filled stays NULL, and svc_get_auth_ops() treats a NULL slot
 * the same as an out-of-range flavor, so an unregistered flavor is
 * refused instead of being dispatched.
 *
 * The slots are __rcu pointers: readers go through rcu_dereference(),
 * writers through cmpxchg()/rcu_assign_pointer().
 */
extern struct auth_ops	svcauth_unix;
extern struct auth_ops	svcauth_null;

static struct auth_ops __rcu *authtab[RPC_AUTH_MAXFLAVOR] = {
	[RPC_AUTH_UNIX] = (struct auth_ops __force __rcu *)&svcauth_unix,
	[RPC_AUTH_NULL] = (struct auth_ops __force __rcu *)&svcauth_null,
};
34 | ||
30382d6c TM |
/*
 * Find the authenticator registered for @flavor and pin its module.
 *
 * Returns the auth_ops with a module reference held (dropped again by
 * svc_put_auth_ops()), or NULL when the flavor is out of range, has no
 * registered authenticator, or its module reference cannot be taken.
 */
static struct auth_ops *
svc_get_auth_ops(rpc_authflavor_t flavor)
{
	struct auth_ops *ops = NULL;

	/*
	 * svc_authenticate() passes in the flavor exactly as decoded from
	 * the request, so it must be bounded before it indexes authtab[].
	 */
	if (flavor < RPC_AUTH_MAXFLAVOR) {
		rcu_read_lock();
		ops = rcu_dereference(authtab[flavor]);
		/*
		 * The module reference is taken inside the read-side
		 * critical section, before the pointer leaves it.
		 */
		if (ops && !try_module_get(ops->owner))
			ops = NULL;
		rcu_read_unlock();
	}
	return ops;
}
49 | ||
/*
 * Drop the module reference that svc_get_auth_ops() took on @aops.
 * @aops is dereferenced unconditionally, so callers must not pass NULL.
 */
static void svc_put_auth_ops(struct auth_ops *aops)
{
	module_put(aops->owner);
}
55 | ||
/*
 * Pick the authenticator for an incoming request and let it check the
 * credentials.
 *
 * @rqstp: request being processed; the flavor is consumed from the
 *         front of rq_arg.head[0].
 * @authp: set to rpc_auth_ok on entry and to rpc_autherr_badcred when no
 *         authenticator can be obtained for the flavor; it is also
 *         handed to the flavor's accept() method.
 *
 * Returns SVC_DENIED when the flavor cannot be served, otherwise
 * whatever the flavor's accept() method returns.
 */
int
svc_authenticate(struct svc_rqst *rqstp, __be32 *authp)
{
	rpc_authflavor_t	wire_flavor;
	struct auth_ops		*ops;

	*authp = rpc_auth_ok;

	/*
	 * The flavor is client-supplied and unvalidated at this point.
	 * NOTE(review): no length check is visible here; presumably the
	 * caller has made sure head[0] still holds the flavor word - confirm.
	 */
	wire_flavor = svc_getnl(&rqstp->rq_arg.head[0]);

	dprintk("svc: svc_authenticate (%d)\n", wire_flavor);

	/* Range check, table lookup and module pinning happen in here. */
	ops = svc_get_auth_ops(wire_flavor);
	if (!ops) {
		*authp = rpc_autherr_badcred;
		return SVC_DENIED;
	}

	/* Start from clean per-request auth state before accept() runs. */
	rqstp->rq_auth_slack = 0;
	init_svc_cred(&rqstp->rq_cred);

	/*
	 * From here on the request owns the module reference; it is
	 * released in svc_authorise().
	 * NOTE(review): that appears to be needed whatever accept()
	 * returns, otherwise the reference leaks - confirm against callers.
	 */
	rqstp->rq_authop = ops;
	return ops->accept(rqstp, authp);
}
EXPORT_SYMBOL_GPL(svc_authenticate);
1da177e4 LT |
81 | |
/*
 * Ask the request's authenticator to identify the client.
 *
 * rq_client is reset first, so no client from earlier use of @rqstp
 * is visible to set_client().
 *
 * NOTE(review): rq_authop is dereferenced without a NULL check, so this
 * looks valid only after svc_authenticate() has stored an authenticator
 * in the request - confirm that callers never get here on the denied
 * path.
 */
int svc_set_client(struct svc_rqst *rqstp)
{
	struct auth_ops *aops;

	rqstp->rq_client = NULL;
	aops = rqstp->rq_authop;
	return aops->set_client(rqstp);
}
EXPORT_SYMBOL_GPL(svc_set_client);
1da177e4 LT |
88 | |
89 | /* A request, which was authenticated, has now executed. | |
59c51591 | 90 | * Time to finalise the credentials and verifier |
1da177e4 LT |
91 | * and release any resources |
92 | */ | |
/*
 * Finish authentication handling for a request that has been executed.
 *
 * Detaches the authenticator from @rqstp, calls its release() method
 * and drops the module reference taken in svc_authenticate().
 *
 * Returns the result of release(), or 0 when the request has no
 * authenticator attached.
 */
int svc_authorise(struct svc_rqst *rqstp)
{
	struct auth_ops *ops = rqstp->rq_authop;
	int status;

	/*
	 * Clear the pointer before releasing, so a second call on the
	 * same request finds nothing to release and cannot drop the
	 * module reference twice.
	 */
	rqstp->rq_authop = NULL;
	if (!ops)
		return 0;

	status = ops->release(rqstp);
	svc_put_auth_ops(ops);
	return status;
}
106 | ||
/*
 * Install @aops as the authenticator for @flavor.
 *
 * The slot is claimed with cmpxchg() only while it is empty, so an
 * authenticator that is already registered cannot be displaced by a
 * later registration for the same flavor.
 *
 * Returns 0 when the slot was empty or already held @aops, and -EINVAL
 * when @flavor is out of range or the slot holds a different
 * authenticator.
 */
int
svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops)
{
	struct auth_ops *prev;

	if (flavor >= RPC_AUTH_MAXFLAVOR)
		return -EINVAL;

	prev = cmpxchg((struct auth_ops ** __force)&authtab[flavor], NULL, aops);
	if (prev != NULL && prev != aops)
		return -EINVAL;
	return 0;
}
EXPORT_SYMBOL_GPL(svc_auth_register);
1da177e4 LT |
121 | |
/*
 * Remove whatever authenticator is registered for @flavor.
 *
 * Out-of-range flavors are ignored.  The slot is cleared
 * unconditionally: there is no check that the caller is the one that
 * registered it, and the built-in AUTH_NULL/AUTH_UNIX slots are not
 * protected from being cleared.
 *
 * NOTE(review): nothing here waits for an RCU grace period.  A reader
 * that already fetched the pointer depends on try_module_get() in
 * svc_get_auth_ops() failing once the owning module is going away -
 * confirm that the unload path guarantees this.
 */
void
svc_auth_unregister(rpc_authflavor_t flavor)
{
	if (flavor >= RPC_AUTH_MAXFLAVOR)
		return;
	rcu_assign_pointer(authtab[flavor], NULL);
}
EXPORT_SYMBOL_GPL(svc_auth_unregister);
1da177e4 LT |
129 | |
130 | /************************************************** | |
efc36aa5 N |
131 | * 'auth_domains' are stored in a hash table indexed by name. |
132 | * When the last reference to an 'auth_domain' is dropped, | |
133 | * the object is unhashed and freed. | |
134 | * If auth_domain_lookup fails to find an entry, it will return | |
135 | * its second argument 'new'. If this is non-null, it will | |
136 | * have been atomically linked into the table. | |
1da177e4 LT |
137 | */ |
138 | ||
1da177e4 LT |
/* The domain hash table has 2^DN_HASHBITS buckets. */
#define	DN_HASHBITS	6
#define	DN_HASHMAX	(1 << DN_HASHBITS)

/*
 * auth_domain_lock is taken by everything that adds to or removes from
 * auth_domain_table; auth_domain_find() walks a bucket under
 * rcu_read_lock() only.
 */
static DEFINE_SPINLOCK(auth_domain_lock);
static struct hlist_head	auth_domain_table[DN_HASHMAX];
1da177e4 | 144 | |
/*
 * kref release callback for an auth_domain.
 *
 * Reached through kref_put_lock() in auth_domain_put(), i.e. with
 * auth_domain_lock held; the lock is dropped here, as the __releases()
 * annotation states.
 *
 * NOTE(review): auth_domain_find() walks the hash chain under
 * rcu_read_lock() only, so the flavour's domain_release() presumably
 * has to defer the actual free past an RCU grace period - confirm for
 * every flavour, a direct free would be a use-after-free for those
 * readers.
 */
static void auth_domain_release(struct kref *kref)
	__releases(&auth_domain_lock)
{
	struct auth_domain *domain;

	domain = container_of(kref, struct auth_domain, ref);

	/* Unhash first, so new lookups can no longer find the domain. */
	hlist_del_rcu(&domain->hash);
	domain->flavour->domain_release(domain);
	spin_unlock(&auth_domain_lock);
}
154 | ||
1da177e4 LT |
/*
 * Drop one reference on @dom.
 *
 * kref_put_lock() takes auth_domain_lock when the last reference is
 * being dropped and then calls auth_domain_release(), which unhashes
 * the domain and releases the lock.  The caller must not touch @dom
 * after this call.
 */
void
auth_domain_put(struct auth_domain *dom)
{
	kref_put_lock(&dom->ref, auth_domain_release, &auth_domain_lock);
}
EXPORT_SYMBOL_GPL(auth_domain_put);
1da177e4 LT |
160 | |
/*
 * Look up the auth_domain called @name, optionally inserting @new.
 *
 * @name: domain name, compared with strcmp() (exact, case-sensitive).
 * @new:  domain to hash in when no entry with that name exists; may be
 *        NULL for a pure lookup.
 *
 * Returns the existing domain with an extra reference when the name is
 * already present; in that case @new has NOT been inserted and still
 * belongs to the caller.  Otherwise returns @new, which has been added
 * to the table if it is non-NULL.  No reference is taken on @new here.
 */
struct auth_domain *
auth_domain_lookup(char *name, struct auth_domain *new)
{
	struct hlist_head *bucket = &auth_domain_table[hash_str(name, DN_HASHBITS)];
	struct auth_domain *cur;

	spin_lock(&auth_domain_lock);

	hlist_for_each_entry(cur, bucket, hash) {
		if (strcmp(cur->name, name) != 0)
			continue;
		/*
		 * A plain kref_get() suffices: the final put goes through
		 * kref_put_lock() with this same lock, so an entry that is
		 * still hashed cannot reach a zero count while we hold it.
		 */
		kref_get(&cur->ref);
		goto unlock;
	}

	/* No match: publish the caller's domain, if one was supplied. */
	cur = new;
	if (cur != NULL)
		hlist_add_head_rcu(&cur->hash, bucket);
unlock:
	spin_unlock(&auth_domain_lock);
	return cur;
}
EXPORT_SYMBOL_GPL(auth_domain_lookup);
1da177e4 LT |
184 | |
/*
 * Lockless lookup of the auth_domain called @name.
 *
 * Returns the domain with an extra reference, or NULL when no entry has
 * that name or the matching entry is already on its way to being
 * released.  The search stops at the first entry whose name matches.
 */
struct auth_domain *auth_domain_find(char *name)
{
	struct hlist_head *bucket = &auth_domain_table[hash_str(name, DN_HASHBITS)];
	struct auth_domain *cur;
	struct auth_domain *found = NULL;

	rcu_read_lock();
	hlist_for_each_entry_rcu(cur, bucket, hash) {
		if (strcmp(cur->name, name) != 0)
			continue;
		/*
		 * Without auth_domain_lock the count may already be zero
		 * while the entry is still visible to RCU readers; only
		 * hand out the domain if a reference can still be taken.
		 */
		if (kref_get_unless_zero(&cur->ref))
			found = cur;
		break;
	}
	rcu_read_unlock();
	return found;
}
EXPORT_SYMBOL_GPL(auth_domain_find);