1 // SPDX-License-Identifier: GPL-2.0-only
10  * 19-Apr-2000 Chris Evans      - Security fix
52 	if (aops != NULL && !try_module_get(aops->owner))  in svc_get_auth_ops()
61 	module_put(aops->owner);  in svc_put_auth_ops()
65  * svc_authenticate - Initialize an outgoing credential
81 	rqstp->rq_auth_stat = rpc_auth_ok;  in svc_authenticate()
85 	 * body field is decoded in the chosen ->accept method below.  in svc_authenticate()
87 	if (xdr_stream_decode_u32(&rqstp->rq_arg_stream, &flavor) < 0)  in svc_authenticate()
92 		rqstp->rq_auth_stat = rpc_autherr_badcred;  in svc_authenticate()
96 	rqstp->rq_auth_slack = 0;  in svc_authenticate()
97 	init_svc_cred(&rqstp->rq_cred);  in svc_authenticate()
99 	rqstp->rq_authop = aops;  in svc_authenticate()
100 	return aops->accept(rqstp);  in svc_authenticate()
104  * svc_set_client - Assign an appropriate 'auth_domain' as the client
115 	rqstp->rq_client = NULL;  in svc_set_client()
116 	return rqstp->rq_authop->set_client(rqstp);  in svc_set_client()
121  * svc_authorise - Finalize credentials/verifier and release resources
128 	struct auth_ops *aops = rqstp->rq_authop;  in svc_authorise()
131 	rqstp->rq_authop = NULL;  in svc_authorise()
134 		rv = aops->release(rqstp);  in svc_authorise()
144 	int rv = -EINVAL;  in svc_auth_register()
164  * svc_auth_flavor - return RPC transaction's RPC_AUTH flavor
171 	struct auth_ops *aops = rqstp->rq_authop;  in svc_auth_flavor()
173 	if (!aops->pseudoflavor)  in svc_auth_flavor()
174 		return aops->flavour;  in svc_auth_flavor()
175 	return aops->pseudoflavor(rqstp);  in svc_auth_flavor()
180  * svcauth_map_clnt_to_svc_cred_local - maps a generic cred
190 	struct user_namespace *userns = clnt->cl_cred ?  in svcauth_map_clnt_to_svc_cred_local()
191 		clnt->cl_cred->user_ns : &init_user_ns;  in svcauth_map_clnt_to_svc_cred_local()
195 	svc->cr_uid = KUIDT_INIT(from_kuid_munged(userns, cred->fsuid));  in svcauth_map_clnt_to_svc_cred_local()
196 	svc->cr_gid = KGIDT_INIT(from_kgid_munged(userns, cred->fsgid));  in svcauth_map_clnt_to_svc_cred_local()
197 	svc->cr_flavor = clnt->cl_auth->au_flavor;  in svcauth_map_clnt_to_svc_cred_local()
198 	if (cred->group_info)  in svcauth_map_clnt_to_svc_cred_local()
199 		svc->cr_group_info = get_group_info(cred->group_info);  in svcauth_map_clnt_to_svc_cred_local()
201 	svc->cr_principal = NULL;  in svcauth_map_clnt_to_svc_cred_local()
202 	svc->cr_gss_mech = NULL;  in svcauth_map_clnt_to_svc_cred_local()
211  * it's second argument 'new'.  If this is non-null, it will
226 	hlist_del_rcu(&dom->hash);  in auth_domain_release()
227 	dom->flavour->domain_release(dom);  in auth_domain_release()
233 	kref_put_lock(&dom->ref, auth_domain_release, &auth_domain_lock);  in auth_domain_put()
248 		if (strcmp(hp->name, name)==0) {  in auth_domain_lookup()
249 			kref_get(&hp->ref);  in auth_domain_lookup()
255 		hlist_add_head_rcu(&new->hash, head);  in auth_domain_lookup()
270 		if (strcmp(hp->name, name)==0) {  in auth_domain_find()
271 			if (!kref_get_unless_zero(&hp->ref))  in auth_domain_find()
283  * auth_domain_cleanup - check that the auth_domain table is empty
290  * The ->release() function might be in a module that has already been
301 			pr_warn("svc: domain %s still present at module unload.\n",  in auth_domain_cleanup()
302 				hp->name);  in auth_domain_cleanup()