diff options
Diffstat (limited to 'net/sunrpc/auth_unix.c')
| -rw-r--r-- | net/sunrpc/auth_unix.c | 122 | 
1 files changed, 71 insertions, 51 deletions
| diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c index 387f6b3ffbea..d4018e5a24c5 100644 --- a/net/sunrpc/auth_unix.c +++ b/net/sunrpc/auth_unix.c @@ -28,8 +28,6 @@ static mempool_t		*unix_pool;  static struct rpc_auth *  unx_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)  { -	dprintk("RPC:       creating UNIX authenticator for client %p\n", -			clnt);  	refcount_inc(&unix_auth.au_count);  	return &unix_auth;  } @@ -37,7 +35,6 @@ unx_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)  static void  unx_destroy(struct rpc_auth *auth)  { -	dprintk("RPC:       destroying UNIX authenticator %p\n", auth);  }  /* @@ -48,10 +45,6 @@ unx_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)  {  	struct rpc_cred *ret = mempool_alloc(unix_pool, GFP_NOFS); -	dprintk("RPC:       allocating UNIX cred for uid %d gid %d\n", -			from_kuid(&init_user_ns, acred->cred->fsuid), -			from_kgid(&init_user_ns, acred->cred->fsgid)); -  	rpcauth_init_cred(ret, acred, auth, &unix_credops);  	ret->cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;  	return ret; @@ -61,7 +54,7 @@ static void  unx_free_cred_callback(struct rcu_head *head)  {  	struct rpc_cred *rpc_cred = container_of(head, struct rpc_cred, cr_rcu); -	dprintk("RPC:       unx_free_cred %p\n", rpc_cred); +  	put_cred(rpc_cred->cr_cred);  	mempool_free(rpc_cred, unix_pool);  } @@ -87,7 +80,7 @@ unx_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)  	if (!uid_eq(cred->cr_cred->fsuid, acred->cred->fsuid) || !gid_eq(cred->cr_cred->fsgid, acred->cred->fsgid))  		return 0; -	if (acred->cred && acred->cred->group_info != NULL) +	if (acred->cred->group_info != NULL)  		groups = acred->cred->group_info->ngroups;  	if (groups > UNX_NGROUPS)  		groups = UNX_NGROUPS; @@ -106,37 +99,55 @@ unx_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)   * Marshal credentials.   * Maybe we should keep a cached credential for performance reasons.   */ -static __be32 * -unx_marshal(struct rpc_task *task, __be32 *p) +static int +unx_marshal(struct rpc_task *task, struct xdr_stream *xdr)  {  	struct rpc_clnt	*clnt = task->tk_client;  	struct rpc_cred	*cred = task->tk_rqstp->rq_cred; -	__be32		*base, *hold; +	__be32		*p, *cred_len, *gidarr_len;  	int		i;  	struct group_info *gi = cred->cr_cred->group_info; -	*p++ = htonl(RPC_AUTH_UNIX); -	base = p++; -	*p++ = htonl(jiffies/HZ); - -	/* -	 * Copy the UTS nodename captured when the client was created. -	 */ -	p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen); - -	*p++ = htonl((u32) from_kuid(&init_user_ns, cred->cr_cred->fsuid)); -	*p++ = htonl((u32) from_kgid(&init_user_ns, cred->cr_cred->fsgid)); -	hold = p++; +	/* Credential */ + +	p = xdr_reserve_space(xdr, 3 * sizeof(*p)); +	if (!p) +		goto marshal_failed; +	*p++ = rpc_auth_unix; +	cred_len = p++; +	*p++ = xdr_zero;	/* stamp */ +	if (xdr_stream_encode_opaque(xdr, clnt->cl_nodename, +				     clnt->cl_nodelen) < 0) +		goto marshal_failed; +	p = xdr_reserve_space(xdr, 3 * sizeof(*p)); +	if (!p) +		goto marshal_failed; +	*p++ = cpu_to_be32(from_kuid(&init_user_ns, cred->cr_cred->fsuid)); +	*p++ = cpu_to_be32(from_kgid(&init_user_ns, cred->cr_cred->fsgid)); + +	gidarr_len = p++;  	if (gi)  		for (i = 0; i < UNX_NGROUPS && i < gi->ngroups; i++) -			*p++ = htonl((u32) from_kgid(&init_user_ns, gi->gid[i])); -	*hold = htonl(p - hold - 1);		/* gid array length */ -	*base = htonl((p - base - 1) << 2);	/* cred length */ +			*p++ = cpu_to_be32(from_kgid(&init_user_ns, +						     gi->gid[i])); +	*gidarr_len = cpu_to_be32(p - gidarr_len - 1); +	*cred_len = cpu_to_be32((p - cred_len - 1) << 2); +	p = xdr_reserve_space(xdr, (p - gidarr_len - 1) << 2); +	if (!p) +		goto marshal_failed; + +	/* Verifier */ + +	p = xdr_reserve_space(xdr, 2 * sizeof(*p)); +	if (!p) +		goto marshal_failed; +	*p++ = rpc_auth_null; +	*p   = xdr_zero; -	*p++ = htonl(RPC_AUTH_NULL); -	*p++ = htonl(0); +	return 0; -	return p; +marshal_failed: +	return -EMSGSIZE;  }  /* @@ -149,29 +160,35 @@ unx_refresh(struct rpc_task *task)  	return 0;  } -static __be32 * -unx_validate(struct rpc_task *task, __be32 *p) +static int +unx_validate(struct rpc_task *task, struct xdr_stream *xdr)  { -	rpc_authflavor_t	flavor; -	u32			size; - -	flavor = ntohl(*p++); -	if (flavor != RPC_AUTH_NULL && -	    flavor != RPC_AUTH_UNIX && -	    flavor != RPC_AUTH_SHORT) { -		printk("RPC: bad verf flavor: %u\n", flavor); -		return ERR_PTR(-EIO); -	} - -	size = ntohl(*p++); -	if (size > RPC_MAX_AUTH_SIZE) { -		printk("RPC: giant verf size: %u\n", size); -		return ERR_PTR(-EIO); +	struct rpc_auth *auth = task->tk_rqstp->rq_cred->cr_auth; +	__be32 *p; +	u32 size; + +	p = xdr_inline_decode(xdr, 2 * sizeof(*p)); +	if (!p) +		return -EIO; +	switch (*p++) { +	case rpc_auth_null: +	case rpc_auth_unix: +	case rpc_auth_short: +		break; +	default: +		return -EIO;  	} -	task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2; -	p += (size >> 2); - -	return p; +	size = be32_to_cpup(p); +	if (size > RPC_MAX_AUTH_SIZE) +		return -EIO; +	p = xdr_inline_decode(xdr, size); +	if (!p) +		return -EIO; + +	auth->au_verfsize = XDR_QUADLEN(size) + 2; +	auth->au_rslack = XDR_QUADLEN(size) + 2; +	auth->au_ralign = XDR_QUADLEN(size) + 2; +	return 0;  }  int __init rpc_init_authunix(void) @@ -198,6 +215,7 @@ static  struct rpc_auth		unix_auth = {  	.au_cslack	= UNX_CALLSLACK,  	.au_rslack	= NUL_REPLYSLACK, +	.au_verfsize	= NUL_REPLYSLACK,  	.au_ops		= &authunix_ops,  	.au_flavor	= RPC_AUTH_UNIX,  	.au_count	= REFCOUNT_INIT(1), @@ -209,6 +227,8 @@ const struct rpc_credops unix_credops = {  	.crdestroy	= unx_destroy_cred,  	.crmatch	= unx_match,  	.crmarshal	= unx_marshal, +	.crwrap_req	= rpcauth_wrap_req_encode,  	.crrefresh	= unx_refresh,  	.crvalidate	= unx_validate, +	.crunwrap_resp	= rpcauth_unwrap_resp_decode,  }; | 
