blob: 808fc03a6fbd07a4678d1ba0e28a43eb9d2c1ecd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
/*
* linux/fs/nfsd/auth.c
*
* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
*/
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/sunrpc/svc.h>
#include <linux/sunrpc/svcauth.h>
#include <linux/nfsd/nfsd.h>
#include <linux/nfsd/export.h>
#include "auth.h"
int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct exp_flavor_info *f;
struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
for (f = exp->ex_flavors; f < end; f++) {
if (f->pseudoflavor == rqstp->rq_flavor)
return f->flags;
}
return exp->ex_flags;
}
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct cred *act_as = current->cred ;
struct svc_cred cred = rqstp->rq_cred;
int i;
int flags = nfsexp_flags(rqstp, exp);
int ret;
if (flags & NFSEXP_ALLSQUASH) {
cred.cr_uid = exp->ex_anon_uid;
cred.cr_gid = exp->ex_anon_gid;
cred.cr_group_info = groups_alloc(0);
} else if (flags & NFSEXP_ROOTSQUASH) {
struct group_info *gi;
if (!cred.cr_uid)
cred.cr_uid = exp->ex_anon_uid;
if (!cred.cr_gid)
cred.cr_gid = exp->ex_anon_gid;
gi = groups_alloc(cred.cr_group_info->ngroups);
if (gi)
for (i = 0; i < cred.cr_group_info->ngroups; i++) {
if (!GROUP_AT(cred.cr_group_info, i))
GROUP_AT(gi, i) = exp->ex_anon_gid;
else
GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
}
cred.cr_group_info = gi;
} else
get_group_info(cred.cr_group_info);
if (cred.cr_uid != (uid_t) -1)
act_as->fsuid = cred.cr_uid;
else
act_as->fsuid = exp->ex_anon_uid;
if (cred.cr_gid != (gid_t) -1)
act_as->fsgid = cred.cr_gid;
else
act_as->fsgid = exp->ex_anon_gid;
if (!cred.cr_group_info)
return -ENOMEM;
ret = set_groups(act_as, cred.cr_group_info);
put_group_info(cred.cr_group_info);
if ((cred.cr_uid)) {
act_as->cap_effective =
cap_drop_nfsd_set(act_as->cap_effective);
} else {
act_as->cap_effective =
cap_raise_nfsd_set(act_as->cap_effective,
act_as->cap_permitted);
}
return ret;
}
|
