// SPDX-License-Identifier: GPL-2.0-only /* * linux/net/sunrpc/auth.c * * Generic RPC client authentication API. * * Copyright (C) 1996, Olaf Kirch <[email protected]> */ #include <linux/types.h> #include <linux/sched.h> #include <linux/cred.h> #include <linux/module.h> #include <linux/slab.h> #include <linux/errno.h> #include <linux/hash.h> #include <linux/sunrpc/clnt.h> #include <linux/sunrpc/gss_api.h> #include <linux/spinlock.h> #include <trace/events/sunrpc.h> #define RPC_CREDCACHE_DEFAULT_HASHBITS … struct rpc_cred_cache { … }; static unsigned int auth_hashbits = …; static const struct rpc_authops __rcu *auth_flavors[RPC_AUTH_MAXFLAVOR] = …; static LIST_HEAD(cred_unused); static unsigned long number_cred_unused; static struct cred machine_cred = …; /* * Return the machine_cred pointer to be used whenever * the a generic machine credential is needed. */ const struct cred *rpc_machine_cred(void) { … } EXPORT_SYMBOL_GPL(…); #define MAX_HASHTABLE_BITS … static int param_set_hashtbl_sz(const char *val, const struct kernel_param *kp) { … } static int param_get_hashtbl_sz(char *buffer, const struct kernel_param *kp) { … } #define param_check_hashtbl_sz(name, p) … static const struct kernel_param_ops param_ops_hashtbl_sz = …; module_param_named(auth_hashtable_size, auth_hashbits, hashtbl_sz, 0644); MODULE_PARM_DESC(…) …; static unsigned long auth_max_cred_cachesize = …; module_param(auth_max_cred_cachesize, ulong, 0644); MODULE_PARM_DESC(…) …; static u32 pseudoflavor_to_flavor(u32 flavor) { … } int rpcauth_register(const struct rpc_authops *ops) { … } EXPORT_SYMBOL_GPL(…); int rpcauth_unregister(const struct rpc_authops *ops) { … } EXPORT_SYMBOL_GPL(…); static const struct rpc_authops * rpcauth_get_authops(rpc_authflavor_t flavor) { … } static void rpcauth_put_authops(const struct rpc_authops *ops) { … } /** * rpcauth_get_pseudoflavor - check if security flavor is supported * @flavor: a security flavor * @info: a GSS mech OID, quality of protection, and service value * * Verifies that an appropriate kernel module is available or already loaded. * Returns an equivalent pseudoflavor, or RPC_AUTH_MAXFLAVOR if "flavor" is * not supported locally. */ rpc_authflavor_t rpcauth_get_pseudoflavor(rpc_authflavor_t flavor, struct rpcsec_gss_info *info) { … } EXPORT_SYMBOL_GPL(…); /** * rpcauth_get_gssinfo - find GSS tuple matching a GSS pseudoflavor * @pseudoflavor: GSS pseudoflavor to match * @info: rpcsec_gss_info structure to fill in * * Returns zero and fills in "info" if pseudoflavor matches a * supported mechanism. */ int rpcauth_get_gssinfo(rpc_authflavor_t pseudoflavor, struct rpcsec_gss_info *info) { … } EXPORT_SYMBOL_GPL(…); struct rpc_auth * rpcauth_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt) { … } EXPORT_SYMBOL_GPL(…); void rpcauth_release(struct rpc_auth *auth) { … } static DEFINE_SPINLOCK(rpc_credcache_lock); /* * On success, the caller is responsible for freeing the reference * held by the hashtable */ static bool rpcauth_unhash_cred_locked(struct rpc_cred *cred) { … } static bool rpcauth_unhash_cred(struct rpc_cred *cred) { … } /* * Initialize RPC credential cache */ int rpcauth_init_credcache(struct rpc_auth *auth) { … } EXPORT_SYMBOL_GPL(…); char * rpcauth_stringify_acceptor(struct rpc_cred *cred) { … } EXPORT_SYMBOL_GPL(…); /* * Destroy a list of credentials */ static inline void rpcauth_destroy_credlist(struct list_head *head) { … } static void rpcauth_lru_add_locked(struct rpc_cred *cred) { … } static void rpcauth_lru_add(struct rpc_cred *cred) { … } static void rpcauth_lru_remove_locked(struct rpc_cred *cred) { … } static void rpcauth_lru_remove(struct rpc_cred *cred) { … } /* * Clear the RPC credential cache, and delete those credentials * that are not referenced. */ void rpcauth_clear_credcache(struct rpc_cred_cache *cache) { … } /* * Destroy the RPC credential cache */ void rpcauth_destroy_credcache(struct rpc_auth *auth) { … } EXPORT_SYMBOL_GPL(…); #define RPC_AUTH_EXPIRY_MORATORIUM … /* * Remove stale credentials. Avoid sleeping inside the loop. */ static long rpcauth_prune_expired(struct list_head *free, int nr_to_scan) { … } static unsigned long rpcauth_cache_do_shrink(int nr_to_scan) { … } /* * Run memory cache shrinker. */ static unsigned long rpcauth_cache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) { … } static unsigned long rpcauth_cache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) { … } static void rpcauth_cache_enforce_limit(void) { … } /* * Look up a process' credentials in the authentication cache */ struct rpc_cred * rpcauth_lookup_credcache(struct rpc_auth *auth, struct auth_cred * acred, int flags, gfp_t gfp) { … } EXPORT_SYMBOL_GPL(…); struct rpc_cred * rpcauth_lookupcred(struct rpc_auth *auth, int flags) { … } EXPORT_SYMBOL_GPL(…); void rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred, struct rpc_auth *auth, const struct rpc_credops *ops) { … } EXPORT_SYMBOL_GPL(…); static struct rpc_cred * rpcauth_bind_root_cred(struct rpc_task *task, int lookupflags) { … } static struct rpc_cred * rpcauth_bind_machine_cred(struct rpc_task *task, int lookupflags) { … } static struct rpc_cred * rpcauth_bind_new_cred(struct rpc_task *task, int lookupflags) { … } static int rpcauth_bindcred(struct rpc_task *task, const struct cred *cred, int flags) { … } void put_rpccred(struct rpc_cred *cred) { … } EXPORT_SYMBOL_GPL(…); /** * rpcauth_marshcred - Append RPC credential to end of @xdr * @task: controlling RPC task * @xdr: xdr_stream containing initial portion of RPC Call header * * On success, an appropriate verifier is added to @xdr, @xdr is * updated to point past the verifier, and zero is returned. * Otherwise, @xdr is in an undefined state and a negative errno * is returned. */ int rpcauth_marshcred(struct rpc_task *task, struct xdr_stream *xdr) { … } /** * rpcauth_wrap_req_encode - XDR encode the RPC procedure * @task: controlling RPC task * @xdr: stream where on-the-wire bytes are to be marshalled * * On success, @xdr contains the encoded and wrapped message. * Otherwise, @xdr is in an undefined state. */ int rpcauth_wrap_req_encode(struct rpc_task *task, struct xdr_stream *xdr) { … } EXPORT_SYMBOL_GPL(…); /** * rpcauth_wrap_req - XDR encode and wrap the RPC procedure * @task: controlling RPC task * @xdr: stream where on-the-wire bytes are to be marshalled * * On success, @xdr contains the encoded and wrapped message, * and zero is returned. Otherwise, @xdr is in an undefined * state and a negative errno is returned. */ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) { … } /** * rpcauth_checkverf - Validate verifier in RPC Reply header * @task: controlling RPC task * @xdr: xdr_stream containing RPC Reply header * * Return values: * %0: Verifier is valid. @xdr now points past the verifier. * %-EIO: Verifier is corrupted or message ended early. * %-EACCES: Verifier is intact but not valid. * %-EPROTONOSUPPORT: Server does not support the requested auth type. * * When a negative errno is returned, @xdr is left in an undefined * state. */ int rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr) { … } /** * rpcauth_unwrap_resp_decode - Invoke XDR decode function * @task: controlling RPC task * @xdr: stream where the Reply message resides * * Returns zero on success; otherwise a negative errno is returned. */ int rpcauth_unwrap_resp_decode(struct rpc_task *task, struct xdr_stream *xdr) { … } EXPORT_SYMBOL_GPL(…); /** * rpcauth_unwrap_resp - Invoke unwrap and decode function for the cred * @task: controlling RPC task * @xdr: stream where the Reply message resides * * Returns zero on success; otherwise a negative errno is returned. */ int rpcauth_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr) { … } bool rpcauth_xmit_need_reencode(struct rpc_task *task) { … } int rpcauth_refreshcred(struct rpc_task *task) { … } void rpcauth_invalcred(struct rpc_task *task) { … } int rpcauth_uptodatecred(struct rpc_task *task) { … } static struct shrinker *rpc_cred_shrinker; int __init rpcauth_init_module(void) { … } void rpcauth_remove_module(void) { … }
Codebase Browser
linux