1 // SPDX-License-Identifier: GPL-2.0-only 2 #include <linux/types.h> 3 #include <linux/sched.h> 4 #include <linux/module.h> 5 #include <linux/sunrpc/types.h> 6 #include <linux/sunrpc/xdr.h> 7 #include <linux/sunrpc/svcsock.h> 8 #include <linux/sunrpc/svcauth.h> 9 #include <linux/sunrpc/gss_api.h> 10 #include <linux/sunrpc/addr.h> 11 #include <linux/err.h> 12 #include <linux/seq_file.h> 13 #include <linux/hash.h> 14 #include <linux/string.h> 15 #include <linux/slab.h> 16 #include <net/sock.h> 17 #include <net/ipv6.h> 18 #include <linux/kernel.h> 19 #include <linux/user_namespace.h> 20 #include <net/genetlink.h> 21 #include <uapi/linux/sunrpc_netlink.h> 22 #include <trace/events/sunrpc.h> 23 24 #define RPCDBG_FACILITY RPCDBG_AUTH 25 26 #include "netns.h" 27 #include "netlink.h" 28 29 /* 30 * AUTHUNIX and AUTHNULL credentials are both handled here. 31 * AUTHNULL is treated just like AUTHUNIX except that the uid/gid 32 * are always nobody (-2). i.e. we do the same IP address checks for 33 * AUTHNULL as for AUTHUNIX, and that is done here. 34 */ 35 36 37 struct unix_domain { 38 struct auth_domain h; 39 /* other stuff later */ 40 }; 41 42 extern struct auth_ops svcauth_null; 43 extern struct auth_ops svcauth_unix; 44 extern struct auth_ops svcauth_tls; 45 46 static void svcauth_unix_domain_release_rcu(struct rcu_head *head) 47 { 48 struct auth_domain *dom = container_of(head, struct auth_domain, rcu_head); 49 struct unix_domain *ud = container_of(dom, struct unix_domain, h); 50 51 kfree(dom->name); 52 kfree(ud); 53 } 54 55 static void svcauth_unix_domain_release(struct auth_domain *dom) 56 { 57 call_rcu(&dom->rcu_head, svcauth_unix_domain_release_rcu); 58 } 59 60 struct auth_domain *unix_domain_find(char *name) 61 { 62 struct auth_domain *rv; 63 struct unix_domain *new = NULL; 64 65 rv = auth_domain_find(name); 66 while(1) { 67 if (rv) { 68 if (new && rv != &new->h) 69 svcauth_unix_domain_release(&new->h); 70 71 if (rv->flavour != &svcauth_unix) { 72 auth_domain_put(rv); 73 return NULL; 74 } 75 return rv; 76 } 77 78 new = kmalloc_obj(*new); 79 if (new == NULL) 80 return NULL; 81 kref_init(&new->h.ref); 82 new->h.name = kstrdup(name, GFP_KERNEL); 83 if (new->h.name == NULL) { 84 kfree(new); 85 return NULL; 86 } 87 new->h.flavour = &svcauth_unix; 88 rv = auth_domain_lookup(name, &new->h); 89 } 90 } 91 EXPORT_SYMBOL_GPL(unix_domain_find); 92 93 94 /************************************************** 95 * cache for IP address to unix_domain 96 * as needed by AUTH_UNIX 97 */ 98 #define IP_HASHBITS 8 99 #define IP_HASHMAX (1<<IP_HASHBITS) 100 101 struct ip_map { 102 struct cache_head h; 103 char m_class[8]; /* e.g. "nfsd" */ 104 struct in6_addr m_addr; 105 struct unix_domain *m_client; 106 struct rcu_head m_rcu; 107 }; 108 109 static void ip_map_put(struct kref *kref) 110 { 111 struct cache_head *item = container_of(kref, struct cache_head, ref); 112 struct ip_map *im = container_of(item, struct ip_map,h); 113 114 if (test_bit(CACHE_VALID, &item->flags) && 115 !test_bit(CACHE_NEGATIVE, &item->flags)) 116 auth_domain_put(&im->m_client->h); 117 kfree_rcu(im, m_rcu); 118 } 119 120 static inline int hash_ip6(const struct in6_addr *ip) 121 { 122 return hash_32(ipv6_addr_hash(ip), IP_HASHBITS); 123 } 124 static int ip_map_match(struct cache_head *corig, struct cache_head *cnew) 125 { 126 struct ip_map *orig = container_of(corig, struct ip_map, h); 127 struct ip_map *new = container_of(cnew, struct ip_map, h); 128 return strcmp(orig->m_class, new->m_class) == 0 && 129 ipv6_addr_equal(&orig->m_addr, &new->m_addr); 130 } 131 static void ip_map_init(struct cache_head *cnew, struct cache_head *citem) 132 { 133 struct ip_map *new = container_of(cnew, struct ip_map, h); 134 struct ip_map *item = container_of(citem, struct ip_map, h); 135 136 strcpy(new->m_class, item->m_class); 137 new->m_addr = item->m_addr; 138 } 139 static void update(struct cache_head *cnew, struct cache_head *citem) 140 { 141 struct ip_map *new = container_of(cnew, struct ip_map, h); 142 struct ip_map *item = container_of(citem, struct ip_map, h); 143 144 kref_get(&item->m_client->h.ref); 145 new->m_client = item->m_client; 146 } 147 static struct cache_head *ip_map_alloc(void) 148 { 149 struct ip_map *i = kmalloc_obj(*i); 150 if (i) 151 return &i->h; 152 else 153 return NULL; 154 } 155 156 static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h) 157 { 158 return sunrpc_cache_upcall(cd, h); 159 } 160 161 static void ip_map_request(struct cache_detail *cd, 162 struct cache_head *h, 163 char **bpp, int *blen) 164 { 165 char text_addr[40]; 166 struct ip_map *im = container_of(h, struct ip_map, h); 167 168 if (ipv6_addr_v4mapped(&(im->m_addr))) { 169 snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]); 170 } else { 171 snprintf(text_addr, 40, "%pI6", &im->m_addr); 172 } 173 qword_add(bpp, blen, im->m_class); 174 qword_add(bpp, blen, text_addr); 175 (*bpp)[-1] = '\n'; 176 } 177 178 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr); 179 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time64_t expiry); 180 181 static int ip_map_parse(struct cache_detail *cd, 182 char *mesg, int mlen) 183 { 184 /* class ipaddress [domainname] */ 185 /* should be safe just to use the start of the input buffer 186 * for scratch: */ 187 char *buf = mesg; 188 int len; 189 char class[8]; 190 union { 191 struct sockaddr sa; 192 struct sockaddr_in s4; 193 struct sockaddr_in6 s6; 194 } address; 195 struct sockaddr_in6 sin6; 196 int err; 197 198 struct ip_map *ipmp; 199 struct auth_domain *dom; 200 time64_t expiry; 201 202 if (mesg[mlen-1] != '\n') 203 return -EINVAL; 204 mesg[mlen-1] = 0; 205 206 /* class */ 207 len = qword_get(&mesg, class, sizeof(class)); 208 if (len <= 0) return -EINVAL; 209 210 /* ip address */ 211 len = qword_get(&mesg, buf, mlen); 212 if (len <= 0) return -EINVAL; 213 214 if (rpc_pton(cd->net, buf, len, &address.sa, sizeof(address)) == 0) 215 return -EINVAL; 216 switch (address.sa.sa_family) { 217 case AF_INET: 218 /* Form a mapped IPv4 address in sin6 */ 219 sin6.sin6_family = AF_INET6; 220 ipv6_addr_set_v4mapped(address.s4.sin_addr.s_addr, 221 &sin6.sin6_addr); 222 break; 223 #if IS_ENABLED(CONFIG_IPV6) 224 case AF_INET6: 225 memcpy(&sin6, &address.s6, sizeof(sin6)); 226 break; 227 #endif 228 default: 229 return -EINVAL; 230 } 231 232 err = get_expiry(&mesg, &expiry); 233 if (err) 234 return err; 235 236 /* domainname, or empty for NEGATIVE */ 237 len = qword_get(&mesg, buf, mlen); 238 if (len < 0) return -EINVAL; 239 240 if (len) { 241 dom = unix_domain_find(buf); 242 if (dom == NULL) 243 return -ENOENT; 244 } else 245 dom = NULL; 246 247 /* IPv6 scope IDs are ignored for now */ 248 ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr); 249 if (ipmp) { 250 err = __ip_map_update(cd, ipmp, 251 container_of(dom, struct unix_domain, h), 252 expiry); 253 } else 254 err = -ENOMEM; 255 256 if (dom) 257 auth_domain_put(dom); 258 259 cache_flush(); 260 return err; 261 } 262 263 static int ip_map_show(struct seq_file *m, 264 struct cache_detail *cd, 265 struct cache_head *h) 266 { 267 struct ip_map *im; 268 struct in6_addr addr; 269 char *dom = "-no-domain-"; 270 271 if (h == NULL) { 272 seq_puts(m, "#class IP domain\n"); 273 return 0; 274 } 275 im = container_of(h, struct ip_map, h); 276 /* class addr domain */ 277 addr = im->m_addr; 278 279 if (test_bit(CACHE_VALID, &h->flags) && 280 !test_bit(CACHE_NEGATIVE, &h->flags)) 281 dom = im->m_client->h.name; 282 283 if (ipv6_addr_v4mapped(&addr)) { 284 seq_printf(m, "%s %pI4 %s\n", 285 im->m_class, &addr.s6_addr32[3], dom); 286 } else { 287 seq_printf(m, "%s %pI6 %s\n", im->m_class, &addr, dom); 288 } 289 return 0; 290 } 291 292 293 static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, 294 struct in6_addr *addr) 295 { 296 struct ip_map ip; 297 struct cache_head *ch; 298 299 strcpy(ip.m_class, class); 300 ip.m_addr = *addr; 301 ch = sunrpc_cache_lookup_rcu(cd, &ip.h, 302 hash_str(class, IP_HASHBITS) ^ 303 hash_ip6(addr)); 304 305 if (ch) 306 return container_of(ch, struct ip_map, h); 307 else 308 return NULL; 309 } 310 311 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, 312 struct unix_domain *udom, time64_t expiry) 313 { 314 struct ip_map ip; 315 struct cache_head *ch; 316 317 ip.m_client = udom; 318 ip.h.flags = 0; 319 if (!udom) 320 set_bit(CACHE_NEGATIVE, &ip.h.flags); 321 ip.h.expiry_time = expiry; 322 ch = sunrpc_cache_update(cd, &ip.h, &ipm->h, 323 hash_str(ipm->m_class, IP_HASHBITS) ^ 324 hash_ip6(&ipm->m_addr)); 325 if (!ch) 326 return -ENOMEM; 327 cache_put(ch, cd); 328 return 0; 329 } 330 331 void svcauth_unix_purge(struct net *net) 332 { 333 struct sunrpc_net *sn; 334 335 sn = net_generic(net, sunrpc_net_id); 336 cache_purge(sn->ip_map_cache); 337 } 338 EXPORT_SYMBOL_GPL(svcauth_unix_purge); 339 340 static inline struct ip_map * 341 ip_map_cached_get(struct svc_xprt *xprt) 342 { 343 struct ip_map *ipm = NULL; 344 struct sunrpc_net *sn; 345 346 if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { 347 spin_lock(&xprt->xpt_lock); 348 ipm = xprt->xpt_auth_cache; 349 if (ipm != NULL) { 350 sn = net_generic(xprt->xpt_net, sunrpc_net_id); 351 if (cache_is_expired(sn->ip_map_cache, &ipm->h)) { 352 /* 353 * The entry has been invalidated since it was 354 * remembered, e.g. by a second mount from the 355 * same IP address. 356 */ 357 xprt->xpt_auth_cache = NULL; 358 spin_unlock(&xprt->xpt_lock); 359 cache_put(&ipm->h, sn->ip_map_cache); 360 return NULL; 361 } 362 cache_get(&ipm->h); 363 } 364 spin_unlock(&xprt->xpt_lock); 365 } 366 return ipm; 367 } 368 369 static inline void 370 ip_map_cached_put(struct svc_xprt *xprt, struct ip_map *ipm) 371 { 372 if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)) { 373 spin_lock(&xprt->xpt_lock); 374 if (xprt->xpt_auth_cache == NULL) { 375 /* newly cached, keep the reference */ 376 xprt->xpt_auth_cache = ipm; 377 ipm = NULL; 378 } 379 spin_unlock(&xprt->xpt_lock); 380 } 381 if (ipm) { 382 struct sunrpc_net *sn; 383 384 sn = net_generic(xprt->xpt_net, sunrpc_net_id); 385 cache_put(&ipm->h, sn->ip_map_cache); 386 } 387 } 388 389 void 390 svcauth_unix_info_release(struct svc_xprt *xpt) 391 { 392 struct ip_map *ipm; 393 394 ipm = xpt->xpt_auth_cache; 395 if (ipm != NULL) { 396 struct sunrpc_net *sn; 397 398 sn = net_generic(xpt->xpt_net, sunrpc_net_id); 399 cache_put(&ipm->h, sn->ip_map_cache); 400 } 401 } 402 403 /**************************************************************************** 404 * auth.unix.gid cache 405 * simple cache to map a UID to a list of GIDs 406 * because AUTH_UNIX aka AUTH_SYS has a max of UNX_NGROUPS 407 */ 408 #define GID_HASHBITS 8 409 #define GID_HASHMAX (1<<GID_HASHBITS) 410 411 struct unix_gid { 412 struct cache_head h; 413 kuid_t uid; 414 struct group_info *gi; 415 struct rcu_head rcu; 416 }; 417 418 static int unix_gid_hash(kuid_t uid) 419 { 420 return hash_long(from_kuid(&init_user_ns, uid), GID_HASHBITS); 421 } 422 423 static void unix_gid_free(struct rcu_head *rcu) 424 { 425 struct unix_gid *ug = container_of(rcu, struct unix_gid, rcu); 426 struct cache_head *item = &ug->h; 427 428 if (test_bit(CACHE_VALID, &item->flags) && 429 !test_bit(CACHE_NEGATIVE, &item->flags)) 430 put_group_info(ug->gi); 431 kfree(ug); 432 } 433 434 static void unix_gid_put(struct kref *kref) 435 { 436 struct cache_head *item = container_of(kref, struct cache_head, ref); 437 struct unix_gid *ug = container_of(item, struct unix_gid, h); 438 439 call_rcu(&ug->rcu, unix_gid_free); 440 } 441 442 static int unix_gid_match(struct cache_head *corig, struct cache_head *cnew) 443 { 444 struct unix_gid *orig = container_of(corig, struct unix_gid, h); 445 struct unix_gid *new = container_of(cnew, struct unix_gid, h); 446 return uid_eq(orig->uid, new->uid); 447 } 448 static void unix_gid_init(struct cache_head *cnew, struct cache_head *citem) 449 { 450 struct unix_gid *new = container_of(cnew, struct unix_gid, h); 451 struct unix_gid *item = container_of(citem, struct unix_gid, h); 452 new->uid = item->uid; 453 } 454 static void unix_gid_update(struct cache_head *cnew, struct cache_head *citem) 455 { 456 struct unix_gid *new = container_of(cnew, struct unix_gid, h); 457 struct unix_gid *item = container_of(citem, struct unix_gid, h); 458 459 get_group_info(item->gi); 460 new->gi = item->gi; 461 } 462 static struct cache_head *unix_gid_alloc(void) 463 { 464 struct unix_gid *g = kmalloc_obj(*g); 465 if (g) 466 return &g->h; 467 else 468 return NULL; 469 } 470 471 static int unix_gid_upcall(struct cache_detail *cd, struct cache_head *h) 472 { 473 return sunrpc_cache_upcall_warn(cd, h); 474 } 475 476 static void unix_gid_request(struct cache_detail *cd, 477 struct cache_head *h, 478 char **bpp, int *blen) 479 { 480 char tuid[20]; 481 struct unix_gid *ug = container_of(h, struct unix_gid, h); 482 483 snprintf(tuid, 20, "%u", from_kuid(&init_user_ns, ug->uid)); 484 qword_add(bpp, blen, tuid); 485 (*bpp)[-1] = '\n'; 486 } 487 488 static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, kuid_t uid); 489 490 static int unix_gid_parse(struct cache_detail *cd, 491 char *mesg, int mlen) 492 { 493 /* uid expiry Ngid gid0 gid1 ... gidN-1 */ 494 int id; 495 kuid_t uid; 496 int gids; 497 int rv; 498 int i; 499 int err; 500 time64_t expiry; 501 struct unix_gid ug, *ugp; 502 503 if (mesg[mlen - 1] != '\n') 504 return -EINVAL; 505 mesg[mlen-1] = 0; 506 507 rv = get_int(&mesg, &id); 508 if (rv) 509 return -EINVAL; 510 uid = make_kuid(current_user_ns(), id); 511 ug.uid = uid; 512 513 err = get_expiry(&mesg, &expiry); 514 if (err) 515 return err; 516 517 rv = get_int(&mesg, &gids); 518 if (rv || gids < 0 || gids > 8192) 519 return -EINVAL; 520 521 ug.gi = groups_alloc(gids); 522 if (!ug.gi) 523 return -ENOMEM; 524 525 for (i = 0 ; i < gids ; i++) { 526 int gid; 527 kgid_t kgid; 528 rv = get_int(&mesg, &gid); 529 err = -EINVAL; 530 if (rv) 531 goto out; 532 kgid = make_kgid(current_user_ns(), gid); 533 if (!gid_valid(kgid)) 534 goto out; 535 ug.gi->gid[i] = kgid; 536 } 537 538 groups_sort(ug.gi); 539 ugp = unix_gid_lookup(cd, uid); 540 if (ugp) { 541 struct cache_head *ch; 542 ug.h.flags = 0; 543 ug.h.expiry_time = expiry; 544 ch = sunrpc_cache_update(cd, 545 &ug.h, &ugp->h, 546 unix_gid_hash(uid)); 547 if (!ch) 548 err = -ENOMEM; 549 else { 550 err = 0; 551 cache_put(ch, cd); 552 } 553 } else 554 err = -ENOMEM; 555 out: 556 if (ug.gi) 557 put_group_info(ug.gi); 558 return err; 559 } 560 561 static int unix_gid_show(struct seq_file *m, 562 struct cache_detail *cd, 563 struct cache_head *h) 564 { 565 struct user_namespace *user_ns = m->file->f_cred->user_ns; 566 struct unix_gid *ug; 567 int i; 568 int glen; 569 570 if (h == NULL) { 571 seq_puts(m, "#uid cnt: gids...\n"); 572 return 0; 573 } 574 ug = container_of(h, struct unix_gid, h); 575 if (test_bit(CACHE_VALID, &h->flags) && 576 !test_bit(CACHE_NEGATIVE, &h->flags)) 577 glen = ug->gi->ngroups; 578 else 579 glen = 0; 580 581 seq_printf(m, "%u %d:", from_kuid_munged(user_ns, ug->uid), glen); 582 for (i = 0; i < glen; i++) 583 seq_printf(m, " %d", from_kgid_munged(user_ns, ug->gi->gid[i])); 584 seq_printf(m, "\n"); 585 return 0; 586 } 587 588 static int unix_gid_notify(struct cache_detail *cd, struct cache_head *h) 589 { 590 return sunrpc_cache_notify(cd, h, SUNRPC_CACHE_TYPE_UNIX_GID); 591 } 592 593 /** 594 * sunrpc_nl_unix_gid_get_reqs_dumpit - dump pending unix_gid requests 595 * @skb: reply buffer 596 * @cb: netlink metadata and command arguments 597 * 598 * Walk the unix_gid cache's pending request list and create a netlink 599 * message with a nested entry for each cache_request, containing the 600 * seqno and uid. 601 * 602 * Uses cb->args[0] as a seqno cursor for dump continuation across 603 * multiple netlink messages. 604 * 605 * Returns the size of the reply or a negative errno. 606 */ 607 int sunrpc_nl_unix_gid_get_reqs_dumpit(struct sk_buff *skb, 608 struct netlink_callback *cb) 609 { 610 struct sunrpc_net *sn; 611 struct cache_detail *cd; 612 struct cache_head **items; 613 u64 *seqnos; 614 int cnt, i, emitted; 615 void *hdr; 616 int ret; 617 618 sn = net_generic(sock_net(skb->sk), sunrpc_net_id); 619 620 cd = sn->unix_gid_cache; 621 if (!cd) 622 return -ENODEV; 623 624 cnt = sunrpc_cache_requests_count(cd); 625 if (!cnt) 626 return 0; 627 628 items = kcalloc(cnt, sizeof(*items), GFP_KERNEL); 629 seqnos = kcalloc(cnt, sizeof(*seqnos), GFP_KERNEL); 630 if (!items || !seqnos) { 631 ret = -ENOMEM; 632 goto out_alloc; 633 } 634 635 cnt = sunrpc_cache_requests_snapshot(cd, items, seqnos, cnt, 636 cb->args[0]); 637 if (!cnt) { 638 ret = 0; 639 goto out_alloc; 640 } 641 642 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, 643 cb->nlh->nlmsg_seq, &sunrpc_nl_family, 644 NLM_F_MULTI, SUNRPC_CMD_UNIX_GID_GET_REQS); 645 if (!hdr) { 646 ret = -ENOBUFS; 647 goto out_put; 648 } 649 650 emitted = 0; 651 for (i = 0; i < cnt; i++) { 652 struct unix_gid *ug; 653 struct nlattr *nest; 654 655 ug = container_of(items[i], struct unix_gid, h); 656 657 nest = nla_nest_start(skb, 658 SUNRPC_A_UNIX_GID_REQS_REQUESTS); 659 if (!nest) 660 break; 661 662 if (nla_put_u64_64bit(skb, SUNRPC_A_UNIX_GID_SEQNO, 663 seqnos[i], 0) || 664 nla_put_u32(skb, SUNRPC_A_UNIX_GID_UID, 665 from_kuid(&init_user_ns, ug->uid))) { 666 nla_nest_cancel(skb, nest); 667 break; 668 } 669 670 nla_nest_end(skb, nest); 671 cb->args[0] = seqnos[i]; 672 emitted++; 673 } 674 675 if (!emitted) { 676 genlmsg_cancel(skb, hdr); 677 ret = -EMSGSIZE; 678 goto out_put; 679 } 680 681 genlmsg_end(skb, hdr); 682 ret = skb->len; 683 out_put: 684 for (i = 0; i < cnt; i++) 685 cache_put(items[i], cd); 686 out_alloc: 687 kfree(seqnos); 688 kfree(items); 689 return ret; 690 } 691 692 /** 693 * sunrpc_nl_parse_one_unix_gid - parse one unix_gid entry from netlink 694 * @cd: cache_detail for the unix_gid cache 695 * @attr: nested attribute containing unix_gid fields 696 * 697 * Parses one unix_gid entry from a netlink message and updates the 698 * cache. Mirrors the logic in unix_gid_parse(). 699 * 700 * Returns 0 on success or a negative errno. 701 */ 702 static int sunrpc_nl_parse_one_unix_gid(struct cache_detail *cd, 703 struct nlattr *attr) 704 { 705 struct nlattr *tb[SUNRPC_A_UNIX_GID_EXPIRY + 1]; 706 struct unix_gid ug, *ugp; 707 struct timespec64 boot; 708 struct nlattr *gid_attr; 709 int err, rem, gids = 0; 710 kuid_t uid; 711 712 err = nla_parse_nested(tb, SUNRPC_A_UNIX_GID_EXPIRY, attr, 713 sunrpc_unix_gid_nl_policy, NULL); 714 if (err) 715 return err; 716 717 /* uid (required) */ 718 if (!tb[SUNRPC_A_UNIX_GID_UID]) 719 return -EINVAL; 720 uid = make_kuid(current_user_ns(), 721 nla_get_u32(tb[SUNRPC_A_UNIX_GID_UID])); 722 ug.uid = uid; 723 724 /* expiry (required, wallclock seconds) */ 725 if (!tb[SUNRPC_A_UNIX_GID_EXPIRY]) 726 return -EINVAL; 727 getboottime64(&boot); 728 ug.h.flags = 0; 729 ug.h.expiry_time = nla_get_u64(tb[SUNRPC_A_UNIX_GID_EXPIRY]) - 730 boot.tv_sec; 731 732 if (tb[SUNRPC_A_UNIX_GID_NEGATIVE]) { 733 ug.gi = groups_alloc(0); 734 if (!ug.gi) 735 return -ENOMEM; 736 } else { 737 /* Count gids */ 738 nla_for_each_nested_type(gid_attr, SUNRPC_A_UNIX_GID_GIDS, 739 attr, rem) 740 gids++; 741 742 if (gids > 8192) 743 return -EINVAL; 744 745 ug.gi = groups_alloc(gids); 746 if (!ug.gi) 747 return -ENOMEM; 748 749 gids = 0; 750 nla_for_each_nested_type(gid_attr, SUNRPC_A_UNIX_GID_GIDS, 751 attr, rem) { 752 kgid_t kgid; 753 754 kgid = make_kgid(current_user_ns(), 755 nla_get_u32(gid_attr)); 756 if (!gid_valid(kgid)) { 757 err = -EINVAL; 758 goto out; 759 } 760 ug.gi->gid[gids++] = kgid; 761 } 762 groups_sort(ug.gi); 763 } 764 765 ugp = unix_gid_lookup(cd, uid); 766 if (ugp) { 767 struct cache_head *ch; 768 769 ch = sunrpc_cache_update(cd, &ug.h, &ugp->h, 770 unix_gid_hash(uid)); 771 if (!ch) { 772 err = -ENOMEM; 773 } else { 774 err = 0; 775 cache_put(ch, cd); 776 } 777 } else { 778 err = -ENOMEM; 779 } 780 out: 781 if (ug.gi) 782 put_group_info(ug.gi); 783 return err; 784 } 785 786 /** 787 * sunrpc_nl_unix_gid_set_reqs_doit - respond to unix_gid requests 788 * @skb: reply buffer 789 * @info: netlink metadata and command arguments 790 * 791 * Parse one or more unix_gid cache responses from userspace and 792 * update the unix_gid cache accordingly. 793 * 794 * Returns 0 on success or a negative errno. 795 */ 796 int sunrpc_nl_unix_gid_set_reqs_doit(struct sk_buff *skb, 797 struct genl_info *info) 798 { 799 struct sunrpc_net *sn; 800 struct cache_detail *cd; 801 const struct nlattr *attr; 802 int rem, ret = 0; 803 804 sn = net_generic(genl_info_net(info), sunrpc_net_id); 805 806 cd = sn->unix_gid_cache; 807 if (!cd) 808 return -ENODEV; 809 810 nlmsg_for_each_attr_type(attr, SUNRPC_A_UNIX_GID_REQS_REQUESTS, 811 info->nlhdr, GENL_HDRLEN, rem) { 812 ret = sunrpc_nl_parse_one_unix_gid(cd, 813 (struct nlattr *)attr); 814 if (ret) 815 break; 816 } 817 818 return ret; 819 } 820 821 /** 822 * sunrpc_nl_cache_flush_doit - flush sunrpc caches via netlink 823 * @skb: reply buffer 824 * @info: netlink metadata and command arguments 825 * 826 * Flush the ip_map and/or unix_gid caches. If SUNRPC_A_CACHE_FLUSH_MASK 827 * is provided, only flush the caches indicated by the bitmask (bit 1 = 828 * ip_map, bit 2 = unix_gid). If omitted, flush both. 829 * 830 * Return 0 on success or a negative errno. 831 */ 832 int sunrpc_nl_cache_flush_doit(struct sk_buff *skb, struct genl_info *info) 833 { 834 struct sunrpc_net *sn; 835 u32 mask = ~0U; 836 837 sn = net_generic(genl_info_net(info), sunrpc_net_id); 838 839 if (info->attrs[SUNRPC_A_CACHE_FLUSH_MASK]) 840 mask = nla_get_u32(info->attrs[SUNRPC_A_CACHE_FLUSH_MASK]); 841 842 if ((mask & SUNRPC_CACHE_TYPE_IP_MAP) && 843 sn->ip_map_cache) 844 cache_purge(sn->ip_map_cache); 845 846 if ((mask & SUNRPC_CACHE_TYPE_UNIX_GID) && 847 sn->unix_gid_cache) 848 cache_purge(sn->unix_gid_cache); 849 850 return 0; 851 } 852 853 static const struct cache_detail unix_gid_cache_template = { 854 .owner = THIS_MODULE, 855 .hash_size = GID_HASHMAX, 856 .name = "auth.unix.gid", 857 .cache_put = unix_gid_put, 858 .cache_upcall = unix_gid_upcall, 859 .cache_notify = unix_gid_notify, 860 .cache_request = unix_gid_request, 861 .cache_parse = unix_gid_parse, 862 .cache_show = unix_gid_show, 863 .match = unix_gid_match, 864 .init = unix_gid_init, 865 .update = unix_gid_update, 866 .alloc = unix_gid_alloc, 867 }; 868 869 int unix_gid_cache_create(struct net *net) 870 { 871 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 872 struct cache_detail *cd; 873 int err; 874 875 cd = cache_create_net(&unix_gid_cache_template, net); 876 if (IS_ERR(cd)) 877 return PTR_ERR(cd); 878 err = cache_register_net(cd, net); 879 if (err) { 880 cache_destroy_net(cd, net); 881 return err; 882 } 883 sn->unix_gid_cache = cd; 884 return 0; 885 } 886 887 void unix_gid_cache_destroy(struct net *net) 888 { 889 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 890 struct cache_detail *cd = sn->unix_gid_cache; 891 892 sn->unix_gid_cache = NULL; 893 cache_purge(cd); 894 cache_unregister_net(cd, net); 895 cache_destroy_net(cd, net); 896 } 897 898 static struct unix_gid *unix_gid_lookup(struct cache_detail *cd, kuid_t uid) 899 { 900 struct unix_gid ug; 901 struct cache_head *ch; 902 903 ug.uid = uid; 904 ch = sunrpc_cache_lookup_rcu(cd, &ug.h, unix_gid_hash(uid)); 905 if (ch) 906 return container_of(ch, struct unix_gid, h); 907 else 908 return NULL; 909 } 910 911 static struct group_info *unix_gid_find(kuid_t uid, struct svc_rqst *rqstp) 912 { 913 struct unix_gid *ug; 914 struct group_info *gi; 915 int ret; 916 struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, 917 sunrpc_net_id); 918 919 ug = unix_gid_lookup(sn->unix_gid_cache, uid); 920 if (!ug) 921 return ERR_PTR(-EAGAIN); 922 ret = cache_check(sn->unix_gid_cache, &ug->h, &rqstp->rq_chandle); 923 switch (ret) { 924 case -ENOENT: 925 return ERR_PTR(-ENOENT); 926 case -ETIMEDOUT: 927 return ERR_PTR(-ESHUTDOWN); 928 case 0: 929 gi = get_group_info(ug->gi); 930 cache_put(&ug->h, sn->unix_gid_cache); 931 return gi; 932 default: 933 return ERR_PTR(-EAGAIN); 934 } 935 } 936 937 enum svc_auth_status 938 svcauth_unix_set_client(struct svc_rqst *rqstp) 939 { 940 struct sockaddr_in *sin; 941 struct sockaddr_in6 *sin6, sin6_storage; 942 struct ip_map *ipm; 943 struct group_info *gi; 944 struct svc_cred *cred = &rqstp->rq_cred; 945 struct svc_xprt *xprt = rqstp->rq_xprt; 946 struct net *net = xprt->xpt_net; 947 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 948 949 switch (rqstp->rq_addr.ss_family) { 950 case AF_INET: 951 sin = svc_addr_in(rqstp); 952 sin6 = &sin6_storage; 953 ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr); 954 break; 955 case AF_INET6: 956 sin6 = svc_addr_in6(rqstp); 957 break; 958 default: 959 BUG(); 960 } 961 962 rqstp->rq_client = NULL; 963 if (rqstp->rq_proc == 0) 964 goto out; 965 966 rqstp->rq_auth_stat = rpc_autherr_badcred; 967 ipm = ip_map_cached_get(xprt); 968 if (ipm == NULL) 969 ipm = __ip_map_lookup(sn->ip_map_cache, 970 rqstp->rq_server->sv_programs->pg_class, 971 &sin6->sin6_addr); 972 973 if (ipm == NULL) 974 return SVC_DENIED; 975 976 switch (cache_check(sn->ip_map_cache, &ipm->h, &rqstp->rq_chandle)) { 977 default: 978 BUG(); 979 case -ETIMEDOUT: 980 return SVC_CLOSE; 981 case -EAGAIN: 982 return SVC_DROP; 983 case -ENOENT: 984 return SVC_DENIED; 985 case 0: 986 rqstp->rq_client = &ipm->m_client->h; 987 kref_get(&rqstp->rq_client->ref); 988 ip_map_cached_put(xprt, ipm); 989 break; 990 } 991 992 gi = unix_gid_find(cred->cr_uid, rqstp); 993 switch (PTR_ERR(gi)) { 994 case -EAGAIN: 995 return SVC_DROP; 996 case -ESHUTDOWN: 997 return SVC_CLOSE; 998 case -ENOENT: 999 break; 1000 default: 1001 put_group_info(cred->cr_group_info); 1002 cred->cr_group_info = gi; 1003 } 1004 1005 out: 1006 rqstp->rq_auth_stat = rpc_auth_ok; 1007 return SVC_OK; 1008 } 1009 EXPORT_SYMBOL_GPL(svcauth_unix_set_client); 1010 1011 /** 1012 * svcauth_null_accept - Decode and validate incoming RPC_AUTH_NULL credential 1013 * @rqstp: RPC transaction 1014 * 1015 * Return values: 1016 * %SVC_OK: Both credential and verifier are valid 1017 * %SVC_DENIED: Credential or verifier is not valid 1018 * %SVC_GARBAGE: Failed to decode credential or verifier 1019 * %SVC_CLOSE: Temporary failure 1020 * 1021 * rqstp->rq_auth_stat is set as mandated by RFC 5531. 1022 */ 1023 static enum svc_auth_status 1024 svcauth_null_accept(struct svc_rqst *rqstp) 1025 { 1026 struct xdr_stream *xdr = &rqstp->rq_arg_stream; 1027 struct svc_cred *cred = &rqstp->rq_cred; 1028 u32 flavor, len; 1029 void *body; 1030 1031 /* Length of Call's credential body field: */ 1032 if (xdr_stream_decode_u32(xdr, &len) < 0) 1033 return SVC_GARBAGE; 1034 if (len != 0) { 1035 rqstp->rq_auth_stat = rpc_autherr_badcred; 1036 return SVC_DENIED; 1037 } 1038 1039 /* Call's verf field: */ 1040 if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0) 1041 return SVC_GARBAGE; 1042 if (flavor != RPC_AUTH_NULL || len != 0) { 1043 rqstp->rq_auth_stat = rpc_autherr_badverf; 1044 return SVC_DENIED; 1045 } 1046 1047 /* Signal that mapping to nobody uid/gid is required */ 1048 cred->cr_uid = INVALID_UID; 1049 cred->cr_gid = INVALID_GID; 1050 cred->cr_group_info = groups_alloc(0); 1051 if (cred->cr_group_info == NULL) 1052 return SVC_CLOSE; /* kmalloc failure - client must retry */ 1053 1054 if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream, 1055 RPC_AUTH_NULL, NULL, 0) < 0) 1056 return SVC_CLOSE; 1057 if (!svcxdr_set_accept_stat(rqstp)) 1058 return SVC_CLOSE; 1059 1060 rqstp->rq_cred.cr_flavor = RPC_AUTH_NULL; 1061 return SVC_OK; 1062 } 1063 1064 static int 1065 svcauth_null_release(struct svc_rqst *rqstp) 1066 { 1067 if (rqstp->rq_client) 1068 auth_domain_put(rqstp->rq_client); 1069 rqstp->rq_client = NULL; 1070 if (rqstp->rq_cred.cr_group_info) 1071 put_group_info(rqstp->rq_cred.cr_group_info); 1072 rqstp->rq_cred.cr_group_info = NULL; 1073 1074 return 0; /* don't drop */ 1075 } 1076 1077 1078 struct auth_ops svcauth_null = { 1079 .name = "null", 1080 .owner = THIS_MODULE, 1081 .flavour = RPC_AUTH_NULL, 1082 .accept = svcauth_null_accept, 1083 .release = svcauth_null_release, 1084 .set_client = svcauth_unix_set_client, 1085 }; 1086 1087 1088 /** 1089 * svcauth_tls_accept - Decode and validate incoming RPC_AUTH_TLS credential 1090 * @rqstp: RPC transaction 1091 * 1092 * Return values: 1093 * %SVC_OK: Both credential and verifier are valid 1094 * %SVC_DENIED: Credential or verifier is not valid 1095 * %SVC_GARBAGE: Failed to decode credential or verifier 1096 * %SVC_CLOSE: Temporary failure 1097 * 1098 * rqstp->rq_auth_stat is set as mandated by RFC 5531. 1099 */ 1100 static enum svc_auth_status 1101 svcauth_tls_accept(struct svc_rqst *rqstp) 1102 { 1103 struct xdr_stream *xdr = &rqstp->rq_arg_stream; 1104 struct svc_cred *cred = &rqstp->rq_cred; 1105 struct svc_xprt *xprt = rqstp->rq_xprt; 1106 u32 flavor, len; 1107 void *body; 1108 __be32 *p; 1109 1110 /* Length of Call's credential body field: */ 1111 if (xdr_stream_decode_u32(xdr, &len) < 0) 1112 return SVC_GARBAGE; 1113 if (len != 0) { 1114 rqstp->rq_auth_stat = rpc_autherr_badcred; 1115 return SVC_DENIED; 1116 } 1117 1118 /* Call's verf field: */ 1119 if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0) 1120 return SVC_GARBAGE; 1121 if (flavor != RPC_AUTH_NULL || len != 0) { 1122 rqstp->rq_auth_stat = rpc_autherr_badverf; 1123 return SVC_DENIED; 1124 } 1125 1126 /* AUTH_TLS is not valid on non-NULL procedures */ 1127 if (rqstp->rq_proc != 0) { 1128 rqstp->rq_auth_stat = rpc_autherr_badcred; 1129 return SVC_DENIED; 1130 } 1131 1132 /* Signal that mapping to nobody uid/gid is required */ 1133 cred->cr_uid = INVALID_UID; 1134 cred->cr_gid = INVALID_GID; 1135 cred->cr_group_info = groups_alloc(0); 1136 if (cred->cr_group_info == NULL) 1137 return SVC_CLOSE; 1138 1139 if (xprt->xpt_ops->xpo_handshake) { 1140 p = xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2 + 8); 1141 if (!p) 1142 return SVC_CLOSE; 1143 trace_svc_tls_start(xprt); 1144 *p++ = rpc_auth_null; 1145 *p++ = cpu_to_be32(8); 1146 memcpy(p, "STARTTLS", 8); 1147 1148 set_bit(XPT_HANDSHAKE, &xprt->xpt_flags); 1149 svc_xprt_enqueue(xprt); 1150 } else { 1151 trace_svc_tls_unavailable(xprt); 1152 if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream, 1153 RPC_AUTH_NULL, NULL, 0) < 0) 1154 return SVC_CLOSE; 1155 } 1156 if (!svcxdr_set_accept_stat(rqstp)) 1157 return SVC_CLOSE; 1158 1159 rqstp->rq_cred.cr_flavor = RPC_AUTH_TLS; 1160 return SVC_OK; 1161 } 1162 1163 struct auth_ops svcauth_tls = { 1164 .name = "tls", 1165 .owner = THIS_MODULE, 1166 .flavour = RPC_AUTH_TLS, 1167 .accept = svcauth_tls_accept, 1168 .release = svcauth_null_release, 1169 .set_client = svcauth_unix_set_client, 1170 }; 1171 1172 1173 /** 1174 * svcauth_unix_accept - Decode and validate incoming RPC_AUTH_SYS credential 1175 * @rqstp: RPC transaction 1176 * 1177 * Return values: 1178 * %SVC_OK: Both credential and verifier are valid 1179 * %SVC_DENIED: Credential or verifier is not valid 1180 * %SVC_GARBAGE: Failed to decode credential or verifier 1181 * %SVC_CLOSE: Temporary failure 1182 * 1183 * rqstp->rq_auth_stat is set as mandated by RFC 5531. 1184 */ 1185 static enum svc_auth_status 1186 svcauth_unix_accept(struct svc_rqst *rqstp) 1187 { 1188 struct xdr_stream *xdr = &rqstp->rq_arg_stream; 1189 struct svc_cred *cred = &rqstp->rq_cred; 1190 struct user_namespace *userns; 1191 u32 flavor, len, i; 1192 void *body; 1193 __be32 *p; 1194 1195 /* 1196 * This implementation ignores the length of the Call's 1197 * credential body field and the timestamp and machinename 1198 * fields. 1199 */ 1200 p = xdr_inline_decode(xdr, XDR_UNIT * 3); 1201 if (!p) 1202 return SVC_GARBAGE; 1203 len = be32_to_cpup(p + 2); 1204 if (len > RPC_MAX_MACHINENAME) 1205 return SVC_GARBAGE; 1206 if (!xdr_inline_decode(xdr, len)) 1207 return SVC_GARBAGE; 1208 1209 /* 1210 * Note: we skip uid_valid()/gid_valid() checks here for 1211 * backwards compatibility with clients that use -1 id's. 1212 * Instead, -1 uid or gid is later mapped to the 1213 * (export-specific) anonymous id by nfsd_setuser. 1214 * Supplementary gid's will be left alone. 1215 */ 1216 userns = (rqstp->rq_xprt && rqstp->rq_xprt->xpt_cred) ? 1217 rqstp->rq_xprt->xpt_cred->user_ns : &init_user_ns; 1218 if (xdr_stream_decode_u32(xdr, &i) < 0) 1219 return SVC_GARBAGE; 1220 cred->cr_uid = make_kuid(userns, i); 1221 if (xdr_stream_decode_u32(xdr, &i) < 0) 1222 return SVC_GARBAGE; 1223 cred->cr_gid = make_kgid(userns, i); 1224 1225 if (xdr_stream_decode_u32(xdr, &len) < 0) 1226 return SVC_GARBAGE; 1227 if (len > UNX_NGROUPS) 1228 goto badcred; 1229 p = xdr_inline_decode(xdr, XDR_UNIT * len); 1230 if (!p) 1231 return SVC_GARBAGE; 1232 cred->cr_group_info = groups_alloc(len); 1233 if (cred->cr_group_info == NULL) 1234 return SVC_CLOSE; 1235 for (i = 0; i < len; i++) { 1236 kgid_t kgid = make_kgid(userns, be32_to_cpup(p++)); 1237 cred->cr_group_info->gid[i] = kgid; 1238 } 1239 groups_sort(cred->cr_group_info); 1240 1241 /* Call's verf field: */ 1242 if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0) 1243 return SVC_GARBAGE; 1244 if (flavor != RPC_AUTH_NULL || len != 0) { 1245 rqstp->rq_auth_stat = rpc_autherr_badverf; 1246 return SVC_DENIED; 1247 } 1248 1249 if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream, 1250 RPC_AUTH_NULL, NULL, 0) < 0) 1251 return SVC_CLOSE; 1252 if (!svcxdr_set_accept_stat(rqstp)) 1253 return SVC_CLOSE; 1254 1255 rqstp->rq_cred.cr_flavor = RPC_AUTH_UNIX; 1256 return SVC_OK; 1257 1258 badcred: 1259 rqstp->rq_auth_stat = rpc_autherr_badcred; 1260 return SVC_DENIED; 1261 } 1262 1263 static int 1264 svcauth_unix_release(struct svc_rqst *rqstp) 1265 { 1266 /* Verifier (such as it is) is already in place. 1267 */ 1268 if (rqstp->rq_client) 1269 auth_domain_put(rqstp->rq_client); 1270 rqstp->rq_client = NULL; 1271 if (rqstp->rq_cred.cr_group_info) 1272 put_group_info(rqstp->rq_cred.cr_group_info); 1273 rqstp->rq_cred.cr_group_info = NULL; 1274 1275 return 0; 1276 } 1277 1278 1279 struct auth_ops svcauth_unix = { 1280 .name = "unix", 1281 .owner = THIS_MODULE, 1282 .flavour = RPC_AUTH_UNIX, 1283 .accept = svcauth_unix_accept, 1284 .release = svcauth_unix_release, 1285 .domain_release = svcauth_unix_domain_release, 1286 .set_client = svcauth_unix_set_client, 1287 }; 1288 1289 static int ip_map_notify(struct cache_detail *cd, struct cache_head *h) 1290 { 1291 return sunrpc_cache_notify(cd, h, SUNRPC_CACHE_TYPE_IP_MAP); 1292 } 1293 1294 /** 1295 * sunrpc_nl_ip_map_get_reqs_dumpit - dump pending ip_map requests 1296 * @skb: reply buffer 1297 * @cb: netlink metadata and command arguments 1298 * 1299 * Walk the ip_map cache's pending request list and create a netlink 1300 * message with a nested entry for each cache_request, containing the 1301 * seqno, class and addr. 1302 * 1303 * Uses cb->args[0] as a seqno cursor for dump continuation across 1304 * multiple netlink messages. 1305 * 1306 * Returns the size of the reply or a negative errno. 1307 */ 1308 int sunrpc_nl_ip_map_get_reqs_dumpit(struct sk_buff *skb, 1309 struct netlink_callback *cb) 1310 { 1311 struct sunrpc_net *sn; 1312 struct cache_detail *cd; 1313 struct cache_head **items; 1314 u64 *seqnos; 1315 int cnt, i, emitted; 1316 void *hdr; 1317 int ret; 1318 1319 sn = net_generic(sock_net(skb->sk), sunrpc_net_id); 1320 1321 cd = sn->ip_map_cache; 1322 if (!cd) 1323 return -ENODEV; 1324 1325 cnt = sunrpc_cache_requests_count(cd); 1326 if (!cnt) 1327 return 0; 1328 1329 items = kcalloc(cnt, sizeof(*items), GFP_KERNEL); 1330 seqnos = kcalloc(cnt, sizeof(*seqnos), GFP_KERNEL); 1331 if (!items || !seqnos) { 1332 ret = -ENOMEM; 1333 goto out_alloc; 1334 } 1335 1336 cnt = sunrpc_cache_requests_snapshot(cd, items, seqnos, cnt, 1337 cb->args[0]); 1338 if (!cnt) { 1339 ret = 0; 1340 goto out_alloc; 1341 } 1342 1343 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, 1344 cb->nlh->nlmsg_seq, &sunrpc_nl_family, 1345 NLM_F_MULTI, SUNRPC_CMD_IP_MAP_GET_REQS); 1346 if (!hdr) { 1347 ret = -ENOBUFS; 1348 goto out_put; 1349 } 1350 1351 emitted = 0; 1352 for (i = 0; i < cnt; i++) { 1353 struct ip_map *im; 1354 struct nlattr *nest; 1355 char text_addr[40]; 1356 1357 im = container_of(items[i], struct ip_map, h); 1358 1359 if (ipv6_addr_v4mapped(&im->m_addr)) 1360 snprintf(text_addr, 20, "%pI4", 1361 &im->m_addr.s6_addr32[3]); 1362 else 1363 snprintf(text_addr, 40, "%pI6", &im->m_addr); 1364 1365 nest = nla_nest_start(skb, SUNRPC_A_IP_MAP_REQS_REQUESTS); 1366 if (!nest) 1367 break; 1368 1369 if (nla_put_u64_64bit(skb, SUNRPC_A_IP_MAP_SEQNO, 1370 seqnos[i], 0) || 1371 nla_put_string(skb, SUNRPC_A_IP_MAP_CLASS, 1372 im->m_class) || 1373 nla_put_string(skb, SUNRPC_A_IP_MAP_ADDR, text_addr)) { 1374 nla_nest_cancel(skb, nest); 1375 break; 1376 } 1377 1378 nla_nest_end(skb, nest); 1379 cb->args[0] = seqnos[i]; 1380 emitted++; 1381 } 1382 1383 if (!emitted) { 1384 genlmsg_cancel(skb, hdr); 1385 ret = -EMSGSIZE; 1386 goto out_put; 1387 } 1388 1389 genlmsg_end(skb, hdr); 1390 ret = skb->len; 1391 out_put: 1392 for (i = 0; i < cnt; i++) 1393 cache_put(items[i], cd); 1394 out_alloc: 1395 kfree(seqnos); 1396 kfree(items); 1397 return ret; 1398 } 1399 1400 /** 1401 * sunrpc_nl_parse_one_ip_map - parse one ip_map entry from netlink 1402 * @cd: cache_detail for the ip_map cache 1403 * @attr: nested attribute containing ip_map fields 1404 * 1405 * Parses one ip_map entry from a netlink message and updates the 1406 * cache. Mirrors the logic in ip_map_parse(). 1407 * 1408 * Returns 0 on success or a negative errno. 1409 */ 1410 static int sunrpc_nl_parse_one_ip_map(struct cache_detail *cd, 1411 struct nlattr *attr) 1412 { 1413 struct nlattr *tb[SUNRPC_A_IP_MAP_EXPIRY + 1]; 1414 union { 1415 struct sockaddr sa; 1416 struct sockaddr_in s4; 1417 struct sockaddr_in6 s6; 1418 } address; 1419 struct sockaddr_in6 sin6; 1420 struct ip_map *ipmp; 1421 struct auth_domain *dom = NULL; 1422 struct unix_domain *udom = NULL; 1423 struct timespec64 boot; 1424 time64_t expiry; 1425 char class[8]; 1426 int err; 1427 int len; 1428 1429 err = nla_parse_nested(tb, SUNRPC_A_IP_MAP_EXPIRY, attr, 1430 sunrpc_ip_map_nl_policy, NULL); 1431 if (err) 1432 return err; 1433 1434 /* class (required) */ 1435 if (!tb[SUNRPC_A_IP_MAP_CLASS]) 1436 return -EINVAL; 1437 len = nla_len(tb[SUNRPC_A_IP_MAP_CLASS]); 1438 if (len <= 0 || len > sizeof(class)) 1439 return -EINVAL; 1440 nla_strscpy(class, tb[SUNRPC_A_IP_MAP_CLASS], sizeof(class)); 1441 1442 /* addr (required) */ 1443 if (!tb[SUNRPC_A_IP_MAP_ADDR]) 1444 return -EINVAL; 1445 if (rpc_pton(cd->net, nla_data(tb[SUNRPC_A_IP_MAP_ADDR]), 1446 nla_len(tb[SUNRPC_A_IP_MAP_ADDR]) - 1, 1447 &address.sa, sizeof(address)) == 0) 1448 return -EINVAL; 1449 1450 switch (address.sa.sa_family) { 1451 case AF_INET: 1452 sin6.sin6_family = AF_INET6; 1453 ipv6_addr_set_v4mapped(address.s4.sin_addr.s_addr, 1454 &sin6.sin6_addr); 1455 break; 1456 #if IS_ENABLED(CONFIG_IPV6) 1457 case AF_INET6: 1458 memcpy(&sin6, &address.s6, sizeof(sin6)); 1459 break; 1460 #endif 1461 default: 1462 return -EINVAL; 1463 } 1464 1465 /* expiry (required, wallclock seconds) */ 1466 if (!tb[SUNRPC_A_IP_MAP_EXPIRY]) 1467 return -EINVAL; 1468 getboottime64(&boot); 1469 expiry = nla_get_u64(tb[SUNRPC_A_IP_MAP_EXPIRY]) - boot.tv_sec; 1470 1471 /* domain name or negative */ 1472 if (tb[SUNRPC_A_IP_MAP_NEGATIVE]) { 1473 udom = NULL; 1474 } else if (tb[SUNRPC_A_IP_MAP_DOMAIN]) { 1475 dom = unix_domain_find(nla_data(tb[SUNRPC_A_IP_MAP_DOMAIN])); 1476 if (!dom) 1477 return -ENOENT; 1478 udom = container_of(dom, struct unix_domain, h); 1479 } else { 1480 return -EINVAL; 1481 } 1482 1483 ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr); 1484 if (ipmp) 1485 err = __ip_map_update(cd, ipmp, udom, expiry); 1486 else 1487 err = -ENOMEM; 1488 1489 if (dom) 1490 auth_domain_put(dom); 1491 1492 cache_flush(); 1493 return err; 1494 } 1495 1496 /** 1497 * sunrpc_nl_ip_map_set_reqs_doit - respond to ip_map requests 1498 * @skb: reply buffer 1499 * @info: netlink metadata and command arguments 1500 * 1501 * Parse one or more ip_map cache responses from userspace and 1502 * update the ip_map cache accordingly. 1503 * 1504 * Returns 0 on success or a negative errno. 1505 */ 1506 int sunrpc_nl_ip_map_set_reqs_doit(struct sk_buff *skb, 1507 struct genl_info *info) 1508 { 1509 struct sunrpc_net *sn; 1510 struct cache_detail *cd; 1511 const struct nlattr *attr; 1512 int rem, ret = 0; 1513 1514 sn = net_generic(genl_info_net(info), sunrpc_net_id); 1515 1516 cd = sn->ip_map_cache; 1517 if (!cd) 1518 return -ENODEV; 1519 1520 nlmsg_for_each_attr_type(attr, SUNRPC_A_IP_MAP_REQS_REQUESTS, 1521 info->nlhdr, GENL_HDRLEN, rem) { 1522 ret = sunrpc_nl_parse_one_ip_map(cd, 1523 (struct nlattr *)attr); 1524 if (ret) 1525 break; 1526 } 1527 1528 return ret; 1529 } 1530 1531 static const struct cache_detail ip_map_cache_template = { 1532 .owner = THIS_MODULE, 1533 .hash_size = IP_HASHMAX, 1534 .name = "auth.unix.ip", 1535 .cache_put = ip_map_put, 1536 .cache_upcall = ip_map_upcall, 1537 .cache_notify = ip_map_notify, 1538 .cache_request = ip_map_request, 1539 .cache_parse = ip_map_parse, 1540 .cache_show = ip_map_show, 1541 .match = ip_map_match, 1542 .init = ip_map_init, 1543 .update = update, 1544 .alloc = ip_map_alloc, 1545 }; 1546 1547 int ip_map_cache_create(struct net *net) 1548 { 1549 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 1550 struct cache_detail *cd; 1551 int err; 1552 1553 cd = cache_create_net(&ip_map_cache_template, net); 1554 if (IS_ERR(cd)) 1555 return PTR_ERR(cd); 1556 err = cache_register_net(cd, net); 1557 if (err) { 1558 cache_destroy_net(cd, net); 1559 return err; 1560 } 1561 sn->ip_map_cache = cd; 1562 return 0; 1563 } 1564 1565 void ip_map_cache_destroy(struct net *net) 1566 { 1567 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 1568 struct cache_detail *cd = sn->ip_map_cache; 1569 1570 sn->ip_map_cache = NULL; 1571 cache_purge(cd); 1572 cache_unregister_net(cd, net); 1573 cache_destroy_net(cd, net); 1574 } 1575