auth.c 2.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. // SPDX-License-Identifier: GPL-2.0
  2. /* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
  3. #include <linux/sched.h>
  4. #include "nfsd.h"
  5. #include "auth.h"
  6. int nfsexp_flags(struct svc_cred *cred, struct svc_export *exp)
  7. {
  8. struct exp_flavor_info *f;
  9. struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
  10. for (f = exp->ex_flavors; f < end; f++) {
  11. if (f->pseudoflavor == cred->cr_flavor)
  12. return f->flags;
  13. }
  14. return exp->ex_flags;
  15. }
  16. int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp)
  17. {
  18. struct group_info *rqgi;
  19. struct group_info *gi;
  20. struct cred *new;
  21. int i;
  22. int flags = nfsexp_flags(cred, exp);
  23. /* discard any old override before preparing the new set */
  24. put_cred(revert_creds(get_cred(current_real_cred())));
  25. new = prepare_creds();
  26. if (!new)
  27. return -ENOMEM;
  28. new->fsuid = cred->cr_uid;
  29. new->fsgid = cred->cr_gid;
  30. rqgi = cred->cr_group_info;
  31. if (flags & NFSEXP_ALLSQUASH) {
  32. new->fsuid = exp->ex_anon_uid;
  33. new->fsgid = exp->ex_anon_gid;
  34. gi = groups_alloc(0);
  35. if (!gi)
  36. goto oom;
  37. } else if (flags & NFSEXP_ROOTSQUASH) {
  38. if (uid_eq(new->fsuid, GLOBAL_ROOT_UID))
  39. new->fsuid = exp->ex_anon_uid;
  40. if (gid_eq(new->fsgid, GLOBAL_ROOT_GID))
  41. new->fsgid = exp->ex_anon_gid;
  42. gi = groups_alloc(rqgi->ngroups);
  43. if (!gi)
  44. goto oom;
  45. for (i = 0; i < rqgi->ngroups; i++) {
  46. if (gid_eq(GLOBAL_ROOT_GID, rqgi->gid[i]))
  47. gi->gid[i] = exp->ex_anon_gid;
  48. else
  49. gi->gid[i] = rqgi->gid[i];
  50. }
  51. /* Each thread allocates its own gi, no race */
  52. groups_sort(gi);
  53. } else {
  54. gi = get_group_info(rqgi);
  55. }
  56. if (uid_eq(new->fsuid, INVALID_UID))
  57. new->fsuid = exp->ex_anon_uid;
  58. if (gid_eq(new->fsgid, INVALID_GID))
  59. new->fsgid = exp->ex_anon_gid;
  60. set_groups(new, gi);
  61. put_group_info(gi);
  62. if (!uid_eq(new->fsuid, GLOBAL_ROOT_UID))
  63. new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
  64. else
  65. new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
  66. new->cap_permitted);
  67. put_cred(override_creds(new));
  68. return 0;
  69. oom:
  70. abort_creds(new);
  71. return -ENOMEM;
  72. }