21928056e35ecad1c8aa5cb656d9d495df6a3022
[sfrench/cifs-2.6.git] / fs / nfsd / auth.c
1 /*
2  * linux/fs/nfsd/auth.c
3  *
4  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
5  */
6
7 #include <linux/types.h>
8 #include <linux/sched.h>
9 #include <linux/sunrpc/svc.h>
10 #include <linux/sunrpc/svcauth.h>
11 #include <linux/nfsd/nfsd.h>
12 #include <linux/nfsd/export.h>
13
14 #define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
15
16 int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
17 {
18         struct exp_flavor_info *f;
19         struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
20
21         for (f = exp->ex_flavors; f < end; f++) {
22                 if (f->pseudoflavor == rqstp->rq_flavor)
23                         return f->flags;
24         }
25         return exp->ex_flags;
26
27 }
28
29 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
30 {
31         struct svc_cred cred = rqstp->rq_cred;
32         int i;
33         int flags = nfsexp_flags(rqstp, exp);
34         int ret;
35
36         if (flags & NFSEXP_ALLSQUASH) {
37                 cred.cr_uid = exp->ex_anon_uid;
38                 cred.cr_gid = exp->ex_anon_gid;
39                 cred.cr_group_info = groups_alloc(0);
40         } else if (flags & NFSEXP_ROOTSQUASH) {
41                 struct group_info *gi;
42                 if (!cred.cr_uid)
43                         cred.cr_uid = exp->ex_anon_uid;
44                 if (!cred.cr_gid)
45                         cred.cr_gid = exp->ex_anon_gid;
46                 gi = groups_alloc(cred.cr_group_info->ngroups);
47                 if (gi)
48                         for (i = 0; i < cred.cr_group_info->ngroups; i++) {
49                                 if (!GROUP_AT(cred.cr_group_info, i))
50                                         GROUP_AT(gi, i) = exp->ex_anon_gid;
51                                 else
52                                         GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
53                         }
54                 cred.cr_group_info = gi;
55         } else
56                 get_group_info(cred.cr_group_info);
57
58         if (cred.cr_uid != (uid_t) -1)
59                 current->fsuid = cred.cr_uid;
60         else
61                 current->fsuid = exp->ex_anon_uid;
62         if (cred.cr_gid != (gid_t) -1)
63                 current->fsgid = cred.cr_gid;
64         else
65                 current->fsgid = exp->ex_anon_gid;
66
67         if (!cred.cr_group_info)
68                 return -ENOMEM;
69         ret = set_current_groups(cred.cr_group_info);
70         put_group_info(cred.cr_group_info);
71         if ((cred.cr_uid)) {
72                 cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
73         } else {
74                 cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
75                                                   current->cap_permitted);
76         }
77         return ret;
78 }