1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/net/sunrpc/svcauth.c
4  *
5  * The generic interface for RPC authentication on the server side.
6  *
7  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
8  *
9  * CHANGES
10  * 19-Apr-2000 Chris Evans      - Security fix
11  */
12 
13 #include <linux/types.h>
14 #include <linux/module.h>
15 #include <linux/sunrpc/types.h>
16 #include <linux/sunrpc/xdr.h>
17 #include <linux/sunrpc/svcsock.h>
18 #include <linux/sunrpc/svcauth.h>
19 #include <linux/err.h>
20 #include <linux/hash.h>
21 
22 #include <trace/events/sunrpc.h>
23 
24 #include "sunrpc.h"
25 
26 #define RPCDBG_FACILITY	RPCDBG_AUTH
27 
28 
29 /*
30  * Table of authenticators
31  */
32 extern struct auth_ops svcauth_null;
33 extern struct auth_ops svcauth_unix;
34 
35 static struct auth_ops __rcu *authtab[RPC_AUTH_MAXFLAVOR] = {
36 	[RPC_AUTH_NULL] = (struct auth_ops __force __rcu *)&svcauth_null,
37 	[RPC_AUTH_UNIX] = (struct auth_ops __force __rcu *)&svcauth_unix,
38 };
39 
40 static struct auth_ops *
svc_get_auth_ops(rpc_authflavor_t flavor)41 svc_get_auth_ops(rpc_authflavor_t flavor)
42 {
43 	struct auth_ops		*aops;
44 
45 	if (flavor >= RPC_AUTH_MAXFLAVOR)
46 		return NULL;
47 	rcu_read_lock();
48 	aops = rcu_dereference(authtab[flavor]);
49 	if (aops != NULL && !try_module_get(aops->owner))
50 		aops = NULL;
51 	rcu_read_unlock();
52 	return aops;
53 }
54 
55 static void
svc_put_auth_ops(struct auth_ops * aops)56 svc_put_auth_ops(struct auth_ops *aops)
57 {
58 	module_put(aops->owner);
59 }
60 
61 int
svc_authenticate(struct svc_rqst * rqstp)62 svc_authenticate(struct svc_rqst *rqstp)
63 {
64 	rpc_authflavor_t	flavor;
65 	struct auth_ops		*aops;
66 
67 	rqstp->rq_auth_stat = rpc_auth_ok;
68 
69 	flavor = svc_getnl(&rqstp->rq_arg.head[0]);
70 
71 	dprintk("svc: svc_authenticate (%d)\n", flavor);
72 
73 	aops = svc_get_auth_ops(flavor);
74 	if (aops == NULL) {
75 		rqstp->rq_auth_stat = rpc_autherr_badcred;
76 		return SVC_DENIED;
77 	}
78 
79 	rqstp->rq_auth_slack = 0;
80 	init_svc_cred(&rqstp->rq_cred);
81 
82 	rqstp->rq_authop = aops;
83 	return aops->accept(rqstp);
84 }
85 EXPORT_SYMBOL_GPL(svc_authenticate);
86 
svc_set_client(struct svc_rqst * rqstp)87 int svc_set_client(struct svc_rqst *rqstp)
88 {
89 	rqstp->rq_client = NULL;
90 	return rqstp->rq_authop->set_client(rqstp);
91 }
92 EXPORT_SYMBOL_GPL(svc_set_client);
93 
94 /* A request, which was authenticated, has now executed.
95  * Time to finalise the credentials and verifier
96  * and release and resources
97  */
svc_authorise(struct svc_rqst * rqstp)98 int svc_authorise(struct svc_rqst *rqstp)
99 {
100 	struct auth_ops *aops = rqstp->rq_authop;
101 	int rv = 0;
102 
103 	rqstp->rq_authop = NULL;
104 
105 	if (aops) {
106 		rv = aops->release(rqstp);
107 		svc_put_auth_ops(aops);
108 	}
109 	return rv;
110 }
111 
112 int
svc_auth_register(rpc_authflavor_t flavor,struct auth_ops * aops)113 svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops)
114 {
115 	struct auth_ops *old;
116 	int rv = -EINVAL;
117 
118 	if (flavor < RPC_AUTH_MAXFLAVOR) {
119 		old = cmpxchg((struct auth_ops ** __force)&authtab[flavor], NULL, aops);
120 		if (old == NULL || old == aops)
121 			rv = 0;
122 	}
123 	return rv;
124 }
125 EXPORT_SYMBOL_GPL(svc_auth_register);
126 
127 void
svc_auth_unregister(rpc_authflavor_t flavor)128 svc_auth_unregister(rpc_authflavor_t flavor)
129 {
130 	if (flavor < RPC_AUTH_MAXFLAVOR)
131 		rcu_assign_pointer(authtab[flavor], NULL);
132 }
133 EXPORT_SYMBOL_GPL(svc_auth_unregister);
134 
135 /**************************************************
136  * 'auth_domains' are stored in a hash table indexed by name.
137  * When the last reference to an 'auth_domain' is dropped,
138  * the object is unhashed and freed.
139  * If auth_domain_lookup fails to find an entry, it will return
140  * it's second argument 'new'.  If this is non-null, it will
141  * have been atomically linked into the table.
142  */
143 
144 #define	DN_HASHBITS	6
145 #define	DN_HASHMAX	(1<<DN_HASHBITS)
146 
147 static struct hlist_head	auth_domain_table[DN_HASHMAX];
148 static DEFINE_SPINLOCK(auth_domain_lock);
149 
auth_domain_release(struct kref * kref)150 static void auth_domain_release(struct kref *kref)
151 	__releases(&auth_domain_lock)
152 {
153 	struct auth_domain *dom = container_of(kref, struct auth_domain, ref);
154 
155 	hlist_del_rcu(&dom->hash);
156 	dom->flavour->domain_release(dom);
157 	spin_unlock(&auth_domain_lock);
158 }
159 
auth_domain_put(struct auth_domain * dom)160 void auth_domain_put(struct auth_domain *dom)
161 {
162 	kref_put_lock(&dom->ref, auth_domain_release, &auth_domain_lock);
163 }
164 EXPORT_SYMBOL_GPL(auth_domain_put);
165 
166 struct auth_domain *
auth_domain_lookup(char * name,struct auth_domain * new)167 auth_domain_lookup(char *name, struct auth_domain *new)
168 {
169 	struct auth_domain *hp;
170 	struct hlist_head *head;
171 
172 	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];
173 
174 	spin_lock(&auth_domain_lock);
175 
176 	hlist_for_each_entry(hp, head, hash) {
177 		if (strcmp(hp->name, name)==0) {
178 			kref_get(&hp->ref);
179 			spin_unlock(&auth_domain_lock);
180 			return hp;
181 		}
182 	}
183 	if (new)
184 		hlist_add_head_rcu(&new->hash, head);
185 	spin_unlock(&auth_domain_lock);
186 	return new;
187 }
188 EXPORT_SYMBOL_GPL(auth_domain_lookup);
189 
auth_domain_find(char * name)190 struct auth_domain *auth_domain_find(char *name)
191 {
192 	struct auth_domain *hp;
193 	struct hlist_head *head;
194 
195 	head = &auth_domain_table[hash_str(name, DN_HASHBITS)];
196 
197 	rcu_read_lock();
198 	hlist_for_each_entry_rcu(hp, head, hash) {
199 		if (strcmp(hp->name, name)==0) {
200 			if (!kref_get_unless_zero(&hp->ref))
201 				hp = NULL;
202 			rcu_read_unlock();
203 			return hp;
204 		}
205 	}
206 	rcu_read_unlock();
207 	return NULL;
208 }
209 EXPORT_SYMBOL_GPL(auth_domain_find);
210 
211 /**
212  * auth_domain_cleanup - check that the auth_domain table is empty
213  *
214  * On module unload the auth_domain_table must be empty.  To make it
215  * easier to catch bugs which don't clean up domains properly, we
216  * warn if anything remains in the table at cleanup time.
217  *
218  * Note that we cannot proactively remove the domains at this stage.
219  * The ->release() function might be in a module that has already been
220  * unloaded.
221  */
222 
auth_domain_cleanup(void)223 void auth_domain_cleanup(void)
224 {
225 	int h;
226 	struct auth_domain *hp;
227 
228 	for (h = 0; h < DN_HASHMAX; h++)
229 		hlist_for_each_entry(hp, &auth_domain_table[h], hash)
230 			pr_warn("svc: domain %s still present at module unload.\n",
231 				hp->name);
232 }
233