projects / deliverable / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* |
| 2 | * linux/net/sunrpc/svcauth.c | |
| 3 | * | |
| 4 | * The generic interface for RPC authentication on the server side. | |
| cca5172a | 5 | * |
| 1da177e4 LT |
6 | * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> |
| 7 | * | |
| 8 | * CHANGES | |
| 9 | * 19-Apr-2000 Chris Evans - Security fix | |
| 10 | */ | |
| 11 | ||
| 12 | #include <linux/types.h> | |
| 1da177e4 LT |
13 | #include <linux/module.h> |
| 14 | #include <linux/sunrpc/types.h> | |
| 15 | #include <linux/sunrpc/xdr.h> | |
| 16 | #include <linux/sunrpc/svcsock.h> | |
| 17 | #include <linux/sunrpc/svcauth.h> | |
| 18 | #include <linux/err.h> | |
| 19 | #include <linux/hash.h> | |
| 20 | ||
| 21 | #define RPCDBG_FACILITY RPCDBG_AUTH | |
| 22 | ||
| 23 | ||
| 24 | /* | |
| 25 | * Table of authenticators | |
| 26 | */ | |
| 27 | extern struct auth_ops svcauth_null; | |
| 28 | extern struct auth_ops svcauth_unix; | |
| 29 | ||
| 30 | static DEFINE_SPINLOCK(authtab_lock); | |
| 31 | static struct auth_ops *authtab[RPC_AUTH_MAXFLAVOR] = { | |
| 32 | [0] = &svcauth_null, | |
| 33 | [1] = &svcauth_unix, | |
| 34 | }; | |
| 35 | ||
| 36 | int | |
| d8ed029d | 37 | svc_authenticate(struct svc_rqst *rqstp, __be32 *authp) |
| 1da177e4 LT |
38 | { |
| 39 | rpc_authflavor_t flavor; | |
| 40 | struct auth_ops *aops; | |
| 41 | ||
| 42 | *authp = rpc_auth_ok; | |
| 43 | ||
| 76994313 | 44 | flavor = svc_getnl(&rqstp->rq_arg.head[0]); |
| 1da177e4 LT |
45 | |
| 46 | dprintk("svc: svc_authenticate (%d)\n", flavor); | |
| 47 | ||
| 48 | spin_lock(&authtab_lock); | |
| 49 | if (flavor >= RPC_AUTH_MAXFLAVOR || !(aops = authtab[flavor]) | |
| 50 | || !try_module_get(aops->owner)) { | |
| 51 | spin_unlock(&authtab_lock); | |
| 52 | *authp = rpc_autherr_badcred; | |
| 53 | return SVC_DENIED; | |
| 54 | } | |
| 55 | spin_unlock(&authtab_lock); | |
| 56 | ||
| 57 | rqstp->rq_authop = aops; | |
| 58 | return aops->accept(rqstp, authp); | |
| 59 | } | |
| 60 | ||
| 61 | int svc_set_client(struct svc_rqst *rqstp) | |
| 62 | { | |
| 63 | return rqstp->rq_authop->set_client(rqstp); | |
| 64 | } | |
| 65 | ||
| 66 | /* A request, which was authenticated, has now executed. | |
| 59c51591 | 67 | * Time to finalise the credentials and verifier |
| 1da177e4 LT |
68 | * and release and resources |
| 69 | */ | |
| 70 | int svc_authorise(struct svc_rqst *rqstp) | |
| 71 | { | |
| 72 | struct auth_ops *aops = rqstp->rq_authop; | |
| 73 | int rv = 0; | |
| 74 | ||
| 75 | rqstp->rq_authop = NULL; | |
| cca5172a | 76 | |
| 1da177e4 LT |
77 | if (aops) { |
| 78 | rv = aops->release(rqstp); | |
| 79 | module_put(aops->owner); | |
| 80 | } | |
| 81 | return rv; | |
| 82 | } | |
| 83 | ||
| 84 | int | |
| 85 | svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops) | |
| 86 | { | |
| 87 | int rv = -EINVAL; | |
| 88 | spin_lock(&authtab_lock); | |
| 89 | if (flavor < RPC_AUTH_MAXFLAVOR && authtab[flavor] == NULL) { | |
| 90 | authtab[flavor] = aops; | |
| 91 | rv = 0; | |
| 92 | } | |
| 93 | spin_unlock(&authtab_lock); | |
| 94 | return rv; | |
| 95 | } | |
| 96 | ||
| 97 | void | |
| 98 | svc_auth_unregister(rpc_authflavor_t flavor) | |
| 99 | { | |
| 100 | spin_lock(&authtab_lock); | |
| 101 | if (flavor < RPC_AUTH_MAXFLAVOR) | |
| 102 | authtab[flavor] = NULL; | |
| 103 | spin_unlock(&authtab_lock); | |
| 104 | } | |
| 105 | EXPORT_SYMBOL(svc_auth_unregister); | |
| 106 | ||
| 107 | /************************************************** | |
| efc36aa5 N |
108 | * 'auth_domains' are stored in a hash table indexed by name. |
| 109 | * When the last reference to an 'auth_domain' is dropped, | |
| 110 | * the object is unhashed and freed. | |
| 111 | * If auth_domain_lookup fails to find an entry, it will return | |
| 112 | * it's second argument 'new'. If this is non-null, it will | |
| 113 | * have been atomically linked into the table. | |
| 1da177e4 LT |
114 | */ |
| 115 | ||
| 1da177e4 LT |
116 | #define DN_HASHBITS 6 |
| 117 | #define DN_HASHMAX (1<<DN_HASHBITS) | |
| 118 | #define DN_HASHMASK (DN_HASHMAX-1) | |
| 119 | ||
| efc36aa5 | 120 | static struct hlist_head auth_domain_table[DN_HASHMAX]; |
| 6cfd76a2 PZ |
121 | static spinlock_t auth_domain_lock = |
| 122 | __SPIN_LOCK_UNLOCKED(auth_domain_lock); | |
| 1da177e4 LT |
123 | |
| 124 | void auth_domain_put(struct auth_domain *dom) | |
| 125 | { | |
| efc36aa5 N |
126 | if (atomic_dec_and_lock(&dom->ref.refcount, &auth_domain_lock)) { |
| 127 | hlist_del(&dom->hash); | |
| 128 | dom->flavour->domain_release(dom); | |
| 0c7bb31d | 129 | spin_unlock(&auth_domain_lock); |
| efc36aa5 | 130 | } |
| 1da177e4 LT |
131 | } |
| 132 | ||
| 133 | struct auth_domain * | |
| efc36aa5 | 134 | auth_domain_lookup(char *name, struct auth_domain *new) |
| 1da177e4 | 135 | { |
| efc36aa5 N |
136 | struct auth_domain *hp; |
| 137 | struct hlist_head *head; | |
| 138 | struct hlist_node *np; | |
| 139 | ||
| 140 | head = &auth_domain_table[hash_str(name, DN_HASHBITS)]; | |
| 141 | ||
| 142 | spin_lock(&auth_domain_lock); | |
| 143 | ||
| 144 | hlist_for_each_entry(hp, np, head, hash) { | |
| 145 | if (strcmp(hp->name, name)==0) { | |
| 146 | kref_get(&hp->ref); | |
| 147 | spin_unlock(&auth_domain_lock); | |
| 148 | return hp; | |
| 1da177e4 | 149 | } |
| 1da177e4 | 150 | } |
| d6740df9 | 151 | if (new) |
| efc36aa5 | 152 | hlist_add_head(&new->hash, head); |
| efc36aa5 N |
153 | spin_unlock(&auth_domain_lock); |
| 154 | return new; | |
| 1da177e4 LT |
155 | } |
| 156 | ||
| 157 | struct auth_domain *auth_domain_find(char *name) | |
| 158 | { | |
| efc36aa5 | 159 | return auth_domain_lookup(name, NULL); |
| 1da177e4 | 160 | } |