sunrpc: Pass xprt to cached get/put routines
[linux-3.10.git] / net / sunrpc / svcauth_unix.c
1 #include <linux/types.h>
2 #include <linux/sched.h>
3 #include <linux/module.h>
4 #include <linux/sunrpc/types.h>
5 #include <linux/sunrpc/xdr.h>
6 #include <linux/sunrpc/svcsock.h>
7 #include <linux/sunrpc/svcauth.h>
8 #include <linux/sunrpc/gss_api.h>
9 #include <linux/err.h>
10 #include <linux/seq_file.h>
11 #include <linux/hash.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <net/sock.h>
15 #include <net/ipv6.h>
16 #include <linux/kernel.h>
17 #define RPCDBG_FACILITY RPCDBG_AUTH
18
19 #include <linux/sunrpc/clnt.h>
20
21 /*
22  * AUTHUNIX and AUTHNULL credentials are both handled here.
23  * AUTHNULL is treated just like AUTHUNIX except that the uid/gid
24  * are always nobody (-2).  i.e. we do the same IP address checks for
25  * AUTHNULL as for AUTHUNIX, and that is done here.
26  */
27
28
29 struct unix_domain {
30         struct auth_domain      h;
31         int     addr_changes;
32         /* other stuff later */
33 };
34
35 extern struct auth_ops svcauth_unix;
36
37 struct auth_domain *unix_domain_find(char *name)
38 {
39         struct auth_domain *rv;
40         struct unix_domain *new = NULL;
41
42         rv = auth_domain_lookup(name, NULL);
43         while(1) {
44                 if (rv) {
45                         if (new && rv != &new->h)
46                                 auth_domain_put(&new->h);
47
48                         if (rv->flavour != &svcauth_unix) {
49                                 auth_domain_put(rv);
50                                 return NULL;
51                         }
52                         return rv;
53                 }
54
55                 new = kmalloc(sizeof(*new), GFP_KERNEL);
56                 if (new == NULL)
57                         return NULL;
58                 kref_init(&new->h.ref);
59                 new->h.name = kstrdup(name, GFP_KERNEL);
60                 if (new->h.name == NULL) {
61                         kfree(new);
62                         return NULL;
63                 }
64                 new->h.flavour = &svcauth_unix;
65                 new->addr_changes = 0;
66                 rv = auth_domain_lookup(name, &new->h);
67         }
68 }
69 EXPORT_SYMBOL_GPL(unix_domain_find);
70
71 static void svcauth_unix_domain_release(struct auth_domain *dom)
72 {
73         struct unix_domain *ud = container_of(dom, struct unix_domain, h);
74
75         kfree(dom->name);
76         kfree(ud);
77 }
78
79
80 /**************************************************
81  * cache for IP address to unix_domain
82  * as needed by AUTH_UNIX
83  */
84 #define IP_HASHBITS     8
85 #define IP_HASHMAX      (1<<IP_HASHBITS)
86 #define IP_HASHMASK     (IP_HASHMAX-1)
87
88 struct ip_map {
89         struct cache_head       h;
90         char                    m_class[8]; /* e.g. "nfsd" */
91         struct in6_addr         m_addr;
92         struct unix_domain      *m_client;
93         int                     m_add_change;
94 };
95 static struct cache_head        *ip_table[IP_HASHMAX];
96
97 static void ip_map_put(struct kref *kref)
98 {
99         struct cache_head *item = container_of(kref, struct cache_head, ref);
100         struct ip_map *im = container_of(item, struct ip_map,h);
101
102         if (test_bit(CACHE_VALID, &item->flags) &&
103             !test_bit(CACHE_NEGATIVE, &item->flags))
104                 auth_domain_put(&im->m_client->h);
105         kfree(im);
106 }
107
108 #if IP_HASHBITS == 8
109 /* hash_long on a 64 bit machine is currently REALLY BAD for
110  * IP addresses in reverse-endian (i.e. on a little-endian machine).
111  * So use a trivial but reliable hash instead
112  */
113 static inline int hash_ip(__be32 ip)
114 {
115         int hash = (__force u32)ip ^ ((__force u32)ip>>16);
116         return (hash ^ (hash>>8)) & 0xff;
117 }
118 #endif
119 static inline int hash_ip6(struct in6_addr ip)
120 {
121         return (hash_ip(ip.s6_addr32[0]) ^
122                 hash_ip(ip.s6_addr32[1]) ^
123                 hash_ip(ip.s6_addr32[2]) ^
124                 hash_ip(ip.s6_addr32[3]));
125 }
126 static int ip_map_match(struct cache_head *corig, struct cache_head *cnew)
127 {
128         struct ip_map *orig = container_of(corig, struct ip_map, h);
129         struct ip_map *new = container_of(cnew, struct ip_map, h);
130         return strcmp(orig->m_class, new->m_class) == 0 &&
131                ipv6_addr_equal(&orig->m_addr, &new->m_addr);
132 }
133 static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
134 {
135         struct ip_map *new = container_of(cnew, struct ip_map, h);
136         struct ip_map *item = container_of(citem, struct ip_map, h);
137
138         strcpy(new->m_class, item->m_class);
139         ipv6_addr_copy(&new->m_addr, &item->m_addr);
140 }
141 static void update(struct cache_head *cnew, struct cache_head *citem)
142 {
143         struct ip_map *new = container_of(cnew, struct ip_map, h);
144         struct ip_map *item = container_of(citem, struct ip_map, h);
145
146         kref_get(&item->m_client->h.ref);
147         new->m_client = item->m_client;
148         new->m_add_change = item->m_add_change;
149 }
150 static struct cache_head *ip_map_alloc(void)
151 {
152         struct ip_map *i = kmalloc(sizeof(*i), GFP_KERNEL);
153         if (i)
154                 return &i->h;
155         else
156                 return NULL;
157 }
158
159 static void ip_map_request(struct cache_detail *cd,
160                                   struct cache_head *h,
161                                   char **bpp, int *blen)
162 {
163         char text_addr[40];
164         struct ip_map *im = container_of(h, struct ip_map, h);
165
166         if (ipv6_addr_v4mapped(&(im->m_addr))) {
167                 snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]);
168         } else {
169                 snprintf(text_addr, 40, "%pI6", &im->m_addr);
170         }
171         qword_add(bpp, blen, im->m_class);
172         qword_add(bpp, blen, text_addr);
173         (*bpp)[-1] = '\n';
174 }
175
176 static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h)
177 {
178         return sunrpc_cache_pipe_upcall(cd, h, ip_map_request);
179 }
180
181 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr);
182 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry);
183
184 static int ip_map_parse(struct cache_detail *cd,
185                           char *mesg, int mlen)
186 {
187         /* class ipaddress [domainname] */
188         /* should be safe just to use the start of the input buffer
189          * for scratch: */
190         char *buf = mesg;
191         int len;
192         char class[8];
193         union {
194                 struct sockaddr         sa;
195                 struct sockaddr_in      s4;
196                 struct sockaddr_in6     s6;
197         } address;
198         struct sockaddr_in6 sin6;
199         int err;
200
201         struct ip_map *ipmp;
202         struct auth_domain *dom;
203         time_t expiry;
204
205         if (mesg[mlen-1] != '\n')
206                 return -EINVAL;
207         mesg[mlen-1] = 0;
208
209         /* class */
210         len = qword_get(&mesg, class, sizeof(class));
211         if (len <= 0) return -EINVAL;
212
213         /* ip address */
214         len = qword_get(&mesg, buf, mlen);
215         if (len <= 0) return -EINVAL;
216
217         if (rpc_pton(buf, len, &address.sa, sizeof(address)) == 0)
218                 return -EINVAL;
219         switch (address.sa.sa_family) {
220         case AF_INET:
221                 /* Form a mapped IPv4 address in sin6 */
222                 memset(&sin6, 0, sizeof(sin6));
223                 sin6.sin6_family = AF_INET6;
224                 sin6.sin6_addr.s6_addr32[2] = htonl(0xffff);
225                 sin6.sin6_addr.s6_addr32[3] = address.s4.sin_addr.s_addr;
226                 break;
227 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
228         case AF_INET6:
229                 memcpy(&sin6, &address.s6, sizeof(sin6));
230                 break;
231 #endif
232         default:
233                 return -EINVAL;
234         }
235
236         expiry = get_expiry(&mesg);
237         if (expiry ==0)
238                 return -EINVAL;
239
240         /* domainname, or empty for NEGATIVE */
241         len = qword_get(&mesg, buf, mlen);
242         if (len < 0) return -EINVAL;
243
244         if (len) {
245                 dom = unix_domain_find(buf);
246                 if (dom == NULL)
247                         return -ENOENT;
248         } else
249                 dom = NULL;
250
251         /* IPv6 scope IDs are ignored for now */
252         ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr);
253         if (ipmp) {
254                 err = __ip_map_update(cd, ipmp,
255                              container_of(dom, struct unix_domain, h),
256                              expiry);
257         } else
258                 err = -ENOMEM;
259
260         if (dom)
261                 auth_domain_put(dom);
262
263         cache_flush();
264         return err;
265 }
266
267 static int ip_map_show(struct seq_file *m,
268                        struct cache_detail *cd,
269                        struct cache_head *h)
270 {
271         struct ip_map *im;
272         struct in6_addr addr;
273         char *dom = "-no-domain-";
274
275         if (h == NULL) {
276                 seq_puts(m, "#class IP domain\n");
277                 return 0;
278         }
279         im = container_of(h, struct ip_map, h);
280         /* class addr domain */
281         ipv6_addr_copy(&addr, &im->m_addr);
282
283         if (test_bit(CACHE_VALID, &h->flags) &&
284             !test_bit(CACHE_NEGATIVE, &h->flags))
285                 dom = im->m_client->h.name;
286
287         if (ipv6_addr_v4mapped(&addr)) {
288                 seq_printf(m, "%s %pI4 %s\n",
289                         im->m_class, &addr.s6_addr32[3], dom);
290         } else {
291                 seq_printf(m, "%s %pI6 %s\n", im->m_class, &addr, dom);
292         }
293         return 0;
294 }
295
296
297 struct cache_detail ip_map_cache = {
298         .owner          = THIS_MODULE,
299         .hash_size      = IP_HASHMAX,
300         .hash_table     = ip_table,
301         .name           = "auth.unix.ip",
302         .cache_put      = ip_map_put,
303         .cache_upcall   = ip_map_upcall,
304         .cache_parse    = ip_map_parse,
305         .cache_show     = ip_map_show,
306         .match          = ip_map_match,
307         .init           = ip_map_init,
308         .update         = update,
309         .alloc          = ip_map_alloc,
310 };
311
312 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class,
313                 struct in6_addr *addr)
314 {
315         struct ip_map ip;
316         struct cache_head *ch;
317
318         strcpy(ip.m_class, class);
319         ipv6_addr_copy(&ip.m_addr, addr);
320         ch = sunrpc_cache_lookup(cd, &ip.h,
321                                  hash_str(class, IP_HASHBITS) ^
322                                  hash_ip6(*addr));
323
324         if (ch)
325                 return container_of(ch, struct ip_map, h);
326         else
327                 return NULL;
328 }
329
330 static inline struct ip_map *ip_map_lookup(char *class, struct in6_addr *addr)
331 {
332         return __ip_map_lookup(&ip_map_cache, class, addr);
333 }
334
335 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm,
336                 struct unix_domain *udom, time_t expiry)
337 {
338         struct ip_map ip;
339         struct cache_head *ch;
340
341         ip.m_client = udom;
342         ip.h.flags = 0;
343         if (!udom)
344                 set_bit(CACHE_NEGATIVE, &ip.h.flags);
345         else {
346                 ip.m_add_change = udom->addr_changes;
347                 /* if this is from the legacy set_client system call,
348                  * we need m_add_change to be one higher
349                  */
350                 if (expiry == NEVER)
351                         ip.m_add_change++;
352         }
353         ip.h.expiry_time = expiry;
354         ch = sunrpc_cache_update(cd, &ip.h, &ipm->h,
355                                  hash_str(ipm->m_class, IP_HASHBITS) ^
356                                  hash_ip6(ipm->m_addr));
357         if (!ch)
358                 return -ENOMEM;
359         cache_put(ch, cd);
360         return 0;
361 }
362
363 static inline int ip_map_update(struct ip_map *ipm, struct unix_domain *udom, time_t expiry)
364 {
365         return __ip_map_update(&ip_map_cache, ipm, udom, expiry);
366 }
367
368 int auth_unix_add_addr(struct in6_addr *addr, struct auth_domain *dom)
369 {
370         struct unix_domain *udom;
371         struct ip_map *ipmp;
372
373         if (dom->flavour != &svcauth_unix)
374                 return -EINVAL;
375         udom = container_of(dom, struct unix_domain, h);
376         ipmp = ip_map_lookup("nfsd", addr);
377
378         if (ipmp)
379                 return ip_map_update(ipmp, udom, NEVER);
380         else
381                 return -ENOMEM;
382 }
383 EXPORT_SYMBOL_GPL(auth_unix_add_addr);
384
385 int auth_unix_forget_old(struct auth_domain *dom)
386 {
387         struct unix_domain *udom;
388
389         if (dom->flavour != &svcauth_unix)
390                 return -EINVAL;
391         udom = container_of(dom, struct unix_domain, h);
392         udom->addr_changes++;
393         return 0;
394 }
395 EXPORT_SYMBOL_GPL(auth_unix_forget_old);
396
397 struct auth_domain *auth_unix_lookup(struct in6_addr *addr)
398 {
399         struct ip_map *ipm;
400         struct auth_domain *rv;
401
402         ipm = ip_map_lookup("nfsd", addr);
403
404         if (!ipm)
405                 return NULL;
406         if (cache_check(&ip_map_cache, &ipm->h, NULL))
407                 return NULL;
408
409         if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
410                 if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0)
411                         auth_domain_put(&ipm->m_client->h);
412                 rv = NULL;
413         } else {
414                 rv = &ipm->m_client->h;
415                 kref_get(&rv->ref);
416         }
417         cache_put(&ipm->h, &ip_map_cache);
418         return rv;
419 }
420 EXPORT_SYMBOL_GPL(auth_unix_lookup);
421
422 void svcauth_unix_purge(void)
423 {
424         cache_purge(&ip_map_cache);
425 }
426 EXPORT_SYMBOL_GPL(svcauth_unix_purge);
427
428 static inline struct ip_map *
429 ip_map_cached_get(struct svc_xprt *xprt)
430 {
431         struct ip_map *ipm = NULL;
432
433         if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) {
434                 spin_lock(&xprt->xpt_lock);
435                 ipm = xprt->xpt_auth_cache;
436                 if (ipm != NULL) {
437                         if (!cache_valid(&ipm->h)) {
438                                 /*
439                                  * The entry has been invalidated since it was
440                                  * remembered, e.g. by a second mount from the
441                                  * same IP address.
442                                  */
443                                 xprt->xpt_auth_cache = NULL;
444                                 spin_unlock(&xprt->xpt_lock);
445                                 cache_put(&ipm->h, &ip_map_cache);
446                                 return NULL;
447                         }
448                         cache_get(&ipm->h);
449                 }
450                 spin_unlock(&xprt->xpt_lock);
451         }
452         return ipm;
453 }
454
455 static inline void
456 ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm)
457 {
458         if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) {
459                 spin_lock(&xprt->xpt_lock);
460                 if (xprt->xpt_auth_cache == NULL) {
461                         /* newly cached, keep the reference */
462                         xprt->xpt_auth_cache = ipm;
463                         ipm = NULL;
464                 }
465                 spin_unlock(&xprt->xpt_lock);
466         }
467         if (ipm)
468                 cache_put(&ipm->h, &ip_map_cache);
469 }
470
471 void
472 svcauth_unix_info_release(struct svc_xprt *xpt)
473 {
474         struct ip_map *ipm;
475
476         ipm = xpt->xpt_auth_cache;
477         if (ipm != NULL)
478                 cache_put(&ipm->h, &ip_map_cache);
479 }
480
481 /****************************************************************************
482  * auth.unix.gid cache
483  * simple cache to map a UID to a list of GIDs
484  * because AUTH_UNIX aka AUTH_SYS has a max of 16
485  */
486 #define GID_HASHBITS    8
487 #define GID_HASHMAX     (1<<GID_HASHBITS)
488 #define GID_HASHMASK    (GID_HASHMAX - 1)
489
490 struct unix_gid {
491         struct cache_head       h;
492         uid_t                   uid;
493         struct group_info       *gi;
494 };
495 static struct cache_head        *gid_table[GID_HASHMAX];
496
497 static void unix_gid_put(struct kref *kref)
498 {
499         struct cache_head *item = container_of(kref, struct cache_head, ref);
500         struct unix_gid *ug = container_of(item, struct unix_gid, h);
501         if (test_bit(CACHE_VALID, &item->flags) &&
502             !test_bit(CACHE_NEGATIVE, &item->flags))
503                 put_group_info(ug->gi);
504         kfree(ug);
505 }
506
507 static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew)
508 {
509         struct unix_gid *orig = container_of(corig, struct unix_gid, h);
510         struct unix_gid *new = container_of(cnew, struct unix_gid, h);
511         return orig->uid == new->uid;
512 }
513 static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem)
514 {
515         struct unix_gid *new = container_of(cnew, struct unix_gid, h);
516         struct unix_gid *item = container_of(citem, struct unix_gid, h);
517         new->uid = item->uid;
518 }
519 static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem)
520 {
521         struct unix_gid *new = container_of(cnew, struct unix_gid, h);
522         struct unix_gid *item = container_of(citem, struct unix_gid, h);
523
524         get_group_info(item->gi);
525         new->gi = item->gi;
526 }
527 static struct cache_head *unix_gid_alloc(void)
528 {
529         struct unix_gid *g = kmalloc(sizeof(*g), GFP_KERNEL);
530         if (g)
531                 return &g->h;
532         else
533                 return NULL;
534 }
535
536 static void unix_gid_request(struct cache_detail *cd,
537                              struct cache_head *h,
538                              char **bpp, int *blen)
539 {
540         char tuid[20];
541         struct unix_gid *ug = container_of(h, struct unix_gid, h);
542
543         snprintf(tuid, 20, "%u", ug->uid);
544         qword_add(bpp, blen, tuid);
545         (*bpp)[-1] = '\n';
546 }
547
548 static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h)
549 {
550         return sunrpc_cache_pipe_upcall(cd, h, unix_gid_request);
551 }
552
553 static struct unix_gid *unix_gid_lookup(uid_t uid);
554 extern struct cache_detail unix_gid_cache;
555
556 static int unix_gid_parse(struct cache_detail *cd,
557                         char *mesg, int mlen)
558 {
559         /* uid expiry Ngid gid0 gid1 ... gidN-1 */
560         int uid;
561         int gids;
562         int rv;
563         int i;
564         int err;
565         time_t expiry;
566         struct unix_gid ug, *ugp;
567
568         if (mlen <= 0 || mesg[mlen-1] != '\n')
569                 return -EINVAL;
570         mesg[mlen-1] = 0;
571
572         rv = get_int(&mesg, &uid);
573         if (rv)
574                 return -EINVAL;
575         ug.uid = uid;
576
577         expiry = get_expiry(&mesg);
578         if (expiry == 0)
579                 return -EINVAL;
580
581         rv = get_int(&mesg, &gids);
582         if (rv || gids < 0 || gids > 8192)
583                 return -EINVAL;
584
585         ug.gi = groups_alloc(gids);
586         if (!ug.gi)
587                 return -ENOMEM;
588
589         for (i = 0 ; i < gids ; i++) {
590                 int gid;
591                 rv = get_int(&mesg, &gid);
592                 err = -EINVAL;
593                 if (rv)
594                         goto out;
595                 GROUP_AT(ug.gi, i) = gid;
596         }
597
598         ugp = unix_gid_lookup(uid);
599         if (ugp) {
600                 struct cache_head *ch;
601                 ug.h.flags = 0;
602                 ug.h.expiry_time = expiry;
603                 ch = sunrpc_cache_update(&unix_gid_cache,
604                                          &ug.h, &ugp->h,
605                                          hash_long(uid, GID_HASHBITS));
606                 if (!ch)
607                         err = -ENOMEM;
608                 else {
609                         err = 0;
610                         cache_put(ch, &unix_gid_cache);
611                 }
612         } else
613                 err = -ENOMEM;
614  out:
615         if (ug.gi)
616                 put_group_info(ug.gi);
617         return err;
618 }
619
620 static int unix_gid_show(struct seq_file *m,
621                          struct cache_detail *cd,
622                          struct cache_head *h)
623 {
624         struct unix_gid *ug;
625         int i;
626         int glen;
627
628         if (h == NULL) {
629                 seq_puts(m, "#uid cnt: gids...\n");
630                 return 0;
631         }
632         ug = container_of(h, struct unix_gid, h);
633         if (test_bit(CACHE_VALID, &h->flags) &&
634             !test_bit(CACHE_NEGATIVE, &h->flags))
635                 glen = ug->gi->ngroups;
636         else
637                 glen = 0;
638
639         seq_printf(m, "%u %d:", ug->uid, glen);
640         for (i = 0; i < glen; i++)
641                 seq_printf(m, " %d", GROUP_AT(ug->gi, i));
642         seq_printf(m, "\n");
643         return 0;
644 }
645
646 struct cache_detail unix_gid_cache = {
647         .owner          = THIS_MODULE,
648         .hash_size      = GID_HASHMAX,
649         .hash_table     = gid_table,
650         .name           = "auth.unix.gid",
651         .cache_put      = unix_gid_put,
652         .cache_upcall   = unix_gid_upcall,
653         .cache_parse    = unix_gid_parse,
654         .cache_show     = unix_gid_show,
655         .match          = unix_gid_match,
656         .init           = unix_gid_init,
657         .update         = unix_gid_update,
658         .alloc          = unix_gid_alloc,
659 };
660
661 static struct unix_gid *unix_gid_lookup(uid_t uid)
662 {
663         struct unix_gid ug;
664         struct cache_head *ch;
665
666         ug.uid = uid;
667         ch = sunrpc_cache_lookup(&unix_gid_cache, &ug.h,
668                                  hash_long(uid, GID_HASHBITS));
669         if (ch)
670                 return container_of(ch, struct unix_gid, h);
671         else
672                 return NULL;
673 }
674
675 static struct group_info *unix_gid_find(uid_t uid, struct svc_rqst *rqstp)
676 {
677         struct unix_gid *ug;
678         struct group_info *gi;
679         int ret;
680
681         ug = unix_gid_lookup(uid);
682         if (!ug)
683                 return ERR_PTR(-EAGAIN);
684         ret = cache_check(&unix_gid_cache, &ug->h, &rqstp->rq_chandle);
685         switch (ret) {
686         case -ENOENT:
687                 return ERR_PTR(-ENOENT);
688         case -ETIMEDOUT:
689                 return ERR_PTR(-ESHUTDOWN);
690         case 0:
691                 gi = get_group_info(ug->gi);
692                 cache_put(&ug->h, &unix_gid_cache);
693                 return gi;
694         default:
695                 return ERR_PTR(-EAGAIN);
696         }
697 }
698
699 int
700 svcauth_unix_set_client(struct svc_rqst *rqstp)
701 {
702         struct sockaddr_in *sin;
703         struct sockaddr_in6 *sin6, sin6_storage;
704         struct ip_map *ipm;
705         struct group_info *gi;
706         struct svc_cred *cred = &rqstp->rq_cred;
707         struct svc_xprt *xprt = rqstp->rq_xprt;
708
709         switch (rqstp->rq_addr.ss_family) {
710         case AF_INET:
711                 sin = svc_addr_in(rqstp);
712                 sin6 = &sin6_storage;
713                 ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr);
714                 break;
715         case AF_INET6:
716                 sin6 = svc_addr_in6(rqstp);
717                 break;
718         default:
719                 BUG();
720         }
721
722         rqstp->rq_client = NULL;
723         if (rqstp->rq_proc == 0)
724                 return SVC_OK;
725
726         ipm = ip_map_cached_get(xprt);
727         if (ipm == NULL)
728                 ipm = ip_map_lookup(rqstp->rq_server->sv_program->pg_class,
729                                     &sin6->sin6_addr);
730
731         if (ipm == NULL)
732                 return SVC_DENIED;
733
734         switch (cache_check(&ip_map_cache, &ipm->h, &rqstp->rq_chandle)) {
735                 default:
736                         BUG();
737                 case -ETIMEDOUT:
738                         return SVC_CLOSE;
739                 case -EAGAIN:
740                         return SVC_DROP;
741                 case -ENOENT:
742                         return SVC_DENIED;
743                 case 0:
744                         rqstp->rq_client = &ipm->m_client->h;
745                         kref_get(&rqstp->rq_client->ref);
746                         ip_map_cached_put(xprt, ipm);
747                         break;
748         }
749
750         gi = unix_gid_find(cred->cr_uid, rqstp);
751         switch (PTR_ERR(gi)) {
752         case -EAGAIN:
753                 return SVC_DROP;
754         case -ESHUTDOWN:
755                 return SVC_CLOSE;
756         case -ENOENT:
757                 break;
758         default:
759                 put_group_info(cred->cr_group_info);
760                 cred->cr_group_info = gi;
761         }
762         return SVC_OK;
763 }
764
765 EXPORT_SYMBOL_GPL(svcauth_unix_set_client);
766
767 static int
768 svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
769 {
770         struct kvec     *argv = &rqstp->rq_arg.head[0];
771         struct kvec     *resv = &rqstp->rq_res.head[0];
772         struct svc_cred *cred = &rqstp->rq_cred;
773
774         cred->cr_group_info = NULL;
775         rqstp->rq_client = NULL;
776
777         if (argv->iov_len < 3*4)
778                 return SVC_GARBAGE;
779
780         if (svc_getu32(argv) != 0) {
781                 dprintk("svc: bad null cred\n");
782                 *authp = rpc_autherr_badcred;
783                 return SVC_DENIED;
784         }
785         if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
786                 dprintk("svc: bad null verf\n");
787                 *authp = rpc_autherr_badverf;
788                 return SVC_DENIED;
789         }
790
791         /* Signal that mapping to nobody uid/gid is required */
792         cred->cr_uid = (uid_t) -1;
793         cred->cr_gid = (gid_t) -1;
794         cred->cr_group_info = groups_alloc(0);
795         if (cred->cr_group_info == NULL)
796                 return SVC_CLOSE; /* kmalloc failure - client must retry */
797
798         /* Put NULL verifier */
799         svc_putnl(resv, RPC_AUTH_NULL);
800         svc_putnl(resv, 0);
801
802         rqstp->rq_flavor = RPC_AUTH_NULL;
803         return SVC_OK;
804 }
805
806 static int
807 svcauth_null_release(struct svc_rqst *rqstp)
808 {
809         if (rqstp->rq_client)
810                 auth_domain_put(rqstp->rq_client);
811         rqstp->rq_client = NULL;
812         if (rqstp->rq_cred.cr_group_info)
813                 put_group_info(rqstp->rq_cred.cr_group_info);
814         rqstp->rq_cred.cr_group_info = NULL;
815
816         return 0; /* don't drop */
817 }
818
819
820 struct auth_ops svcauth_null = {
821         .name           = "null",
822         .owner          = THIS_MODULE,
823         .flavour        = RPC_AUTH_NULL,
824         .accept         = svcauth_null_accept,
825         .release        = svcauth_null_release,
826         .set_client     = svcauth_unix_set_client,
827 };
828
829
830 static int
831 svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
832 {
833         struct kvec     *argv = &rqstp->rq_arg.head[0];
834         struct kvec     *resv = &rqstp->rq_res.head[0];
835         struct svc_cred *cred = &rqstp->rq_cred;
836         u32             slen, i;
837         int             len   = argv->iov_len;
838
839         cred->cr_group_info = NULL;
840         rqstp->rq_client = NULL;
841
842         if ((len -= 3*4) < 0)
843                 return SVC_GARBAGE;
844
845         svc_getu32(argv);                       /* length */
846         svc_getu32(argv);                       /* time stamp */
847         slen = XDR_QUADLEN(svc_getnl(argv));    /* machname length */
848         if (slen > 64 || (len -= (slen + 3)*4) < 0)
849                 goto badcred;
850         argv->iov_base = (void*)((__be32*)argv->iov_base + slen);       /* skip machname */
851         argv->iov_len -= slen*4;
852
853         cred->cr_uid = svc_getnl(argv);         /* uid */
854         cred->cr_gid = svc_getnl(argv);         /* gid */
855         slen = svc_getnl(argv);                 /* gids length */
856         if (slen > 16 || (len -= (slen + 2)*4) < 0)
857                 goto badcred;
858         cred->cr_group_info = groups_alloc(slen);
859         if (cred->cr_group_info == NULL)
860                 return SVC_CLOSE;
861         for (i = 0; i < slen; i++)
862                 GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv);
863         if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
864                 *authp = rpc_autherr_badverf;
865                 return SVC_DENIED;
866         }
867
868         /* Put NULL verifier */
869         svc_putnl(resv, RPC_AUTH_NULL);
870         svc_putnl(resv, 0);
871
872         rqstp->rq_flavor = RPC_AUTH_UNIX;
873         return SVC_OK;
874
875 badcred:
876         *authp = rpc_autherr_badcred;
877         return SVC_DENIED;
878 }
879
880 static int
881 svcauth_unix_release(struct svc_rqst *rqstp)
882 {
883         /* Verifier (such as it is) is already in place.
884          */
885         if (rqstp->rq_client)
886                 auth_domain_put(rqstp->rq_client);
887         rqstp->rq_client = NULL;
888         if (rqstp->rq_cred.cr_group_info)
889                 put_group_info(rqstp->rq_cred.cr_group_info);
890         rqstp->rq_cred.cr_group_info = NULL;
891
892         return 0;
893 }
894
895
896 struct auth_ops svcauth_unix = {
897         .name           = "unix",
898         .owner          = THIS_MODULE,
899         .flavour        = RPC_AUTH_UNIX,
900         .accept         = svcauth_unix_accept,
901         .release        = svcauth_unix_release,
902         .domain_release = svcauth_unix_domain_release,
903         .set_client     = svcauth_unix_set_client,
904 };
905