// SPDX-License-Identifier: GPL-2.0-only #include <linux/types.h> #include <linux/sched.h> #include <linux/module.h> #include <linux/sunrpc/types.h> #include <linux/sunrpc/xdr.h> #include <linux/sunrpc/svcsock.h> #include <linux/sunrpc/svcauth.h> #include <linux/sunrpc/gss_api.h> #include <linux/sunrpc/addr.h> #include <linux/err.h> #include <linux/seq_file.h> #include <linux/hash.h> #include <linux/string.h> #include <linux/slab.h> #include <net/sock.h> #include <net/ipv6.h> #include <linux/kernel.h> #include <linux/user_namespace.h> #include <trace/events/sunrpc.h> #define RPCDBG_FACILITY … #include "netns.h" /* * AUTHUNIX and AUTHNULL credentials are both handled here. * AUTHNULL is treated just like AUTHUNIX except that the uid/gid * are always nobody (-2). i.e. we do the same IP address checks for * AUTHNULL as for AUTHUNIX, and that is done here. */ struct unix_domain { … }; extern struct auth_ops svcauth_null; extern struct auth_ops svcauth_unix; extern struct auth_ops svcauth_tls; static void svcauth_unix_domain_release_rcu(struct rcu_head *head) { … } static void svcauth_unix_domain_release(struct auth_domain *dom) { … } struct auth_domain *unix_domain_find(char *name) { … } EXPORT_SYMBOL_GPL(…); /************************************************** * cache for IP address to unix_domain * as needed by AUTH_UNIX */ #define IP_HASHBITS … #define IP_HASHMAX … struct ip_map { … }; static void ip_map_put(struct kref *kref) { … } static inline int hash_ip6(const struct in6_addr *ip) { … } static int ip_map_match(struct cache_head *corig, struct cache_head *cnew) { … } static void ip_map_init(struct cache_head *cnew, struct cache_head *citem) { … } static void update(struct cache_head *cnew, struct cache_head *citem) { … } static struct cache_head *ip_map_alloc(void) { … } static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) { … } static void ip_map_request(struct cache_detail *cd, struct cache_head *h, char **bpp, int *blen) { … } static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time64_t expiry); static int ip_map_parse(struct cache_detail *cd, char *mesg, int mlen) { … } static int ip_map_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { … } static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr) { … } static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time64_t expiry) { … } void svcauth_unix_purge(struct net *net) { … } EXPORT_SYMBOL_GPL(…); static inline struct ip_map * ip_map_cached_get(struct svc_xprt *xprt) { … } static inline void ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm) { … } void svcauth_unix_info_release(struct svc_xprt *xpt) { … } /**************************************************************************** * auth.unix.gid cache * simple cache to map a UID to a list of GIDs * because AUTH_UNIX aka AUTH_SYS has a max of UNX_NGROUPS */ #define GID_HASHBITS … #define GID_HASHMAX … struct unix_gid { … }; static int unix_gid_hash(kuid_t uid) { … } static void unix_gid_free(struct rcu_head *rcu) { … } static void unix_gid_put(struct kref *kref) { … } static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew) { … } static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem) { … } static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem) { … } static struct cache_head *unix_gid_alloc(void) { … } static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) { … } static void unix_gid_request(struct cache_detail *cd, struct cache_head *h, char **bpp, int *blen) { … } static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, kuid_t uid); static int unix_gid_parse(struct cache_detail *cd, char *mesg, int mlen) { … } static int unix_gid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { … } static const struct cache_detail unix_gid_cache_template = …; int unix_gid_cache_create(struct net *net) { … } void unix_gid_cache_destroy(struct net *net) { … } static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, kuid_t uid) { … } static struct group_info *unix_gid_find(kuid_t uid, struct svc_rqst *rqstp) { … } enum svc_auth_status svcauth_unix_set_client(struct svc_rqst *rqstp) { … } EXPORT_SYMBOL_GPL(…); /** * svcauth_null_accept - Decode and validate incoming RPC_AUTH_NULL credential * @rqstp: RPC transaction * * Return values: * %SVC_OK: Both credential and verifier are valid * %SVC_DENIED: Credential or verifier is not valid * %SVC_GARBAGE: Failed to decode credential or verifier * %SVC_CLOSE: Temporary failure * * rqstp->rq_auth_stat is set as mandated by RFC 5531. */ static enum svc_auth_status svcauth_null_accept(struct svc_rqst *rqstp) { … } static int svcauth_null_release(struct svc_rqst *rqstp) { … } struct auth_ops svcauth_null = …; /** * svcauth_tls_accept - Decode and validate incoming RPC_AUTH_TLS credential * @rqstp: RPC transaction * * Return values: * %SVC_OK: Both credential and verifier are valid * %SVC_DENIED: Credential or verifier is not valid * %SVC_GARBAGE: Failed to decode credential or verifier * %SVC_CLOSE: Temporary failure * * rqstp->rq_auth_stat is set as mandated by RFC 5531. */ static enum svc_auth_status svcauth_tls_accept(struct svc_rqst *rqstp) { … } struct auth_ops svcauth_tls = …; /** * svcauth_unix_accept - Decode and validate incoming RPC_AUTH_SYS credential * @rqstp: RPC transaction * * Return values: * %SVC_OK: Both credential and verifier are valid * %SVC_DENIED: Credential or verifier is not valid * %SVC_GARBAGE: Failed to decode credential or verifier * %SVC_CLOSE: Temporary failure * * rqstp->rq_auth_stat is set as mandated by RFC 5531. */ static enum svc_auth_status svcauth_unix_accept(struct svc_rqst *rqstp) { … } static int svcauth_unix_release(struct svc_rqst *rqstp) { … } struct auth_ops svcauth_unix = …; static const struct cache_detail ip_map_cache_template = …; int ip_map_cache_create(struct net *net) { … } void ip_map_cache_destroy(struct net *net) { … }
Codebase Browser
linux