Merge branch 'audit.b57' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit...
[linux-2.6] / fs / nfsd / auth.c
1 /*
2  * linux/fs/nfsd/auth.c
3  *
4  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
5  */
6
7 #include <linux/types.h>
8 #include <linux/sched.h>
9 #include <linux/sunrpc/svc.h>
10 #include <linux/sunrpc/svcauth.h>
11 #include <linux/nfsd/nfsd.h>
12 #include <linux/nfsd/export.h>
13 #include "auth.h"
14
15 int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
16 {
17         struct exp_flavor_info *f;
18         struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
19
20         for (f = exp->ex_flavors; f < end; f++) {
21                 if (f->pseudoflavor == rqstp->rq_flavor)
22                         return f->flags;
23         }
24         return exp->ex_flags;
25
26 }
27
28 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
29 {
30         struct svc_cred cred = rqstp->rq_cred;
31         int i;
32         int flags = nfsexp_flags(rqstp, exp);
33         int ret;
34
35         if (flags & NFSEXP_ALLSQUASH) {
36                 cred.cr_uid = exp->ex_anon_uid;
37                 cred.cr_gid = exp->ex_anon_gid;
38                 cred.cr_group_info = groups_alloc(0);
39         } else if (flags & NFSEXP_ROOTSQUASH) {
40                 struct group_info *gi;
41                 if (!cred.cr_uid)
42                         cred.cr_uid = exp->ex_anon_uid;
43                 if (!cred.cr_gid)
44                         cred.cr_gid = exp->ex_anon_gid;
45                 gi = groups_alloc(cred.cr_group_info->ngroups);
46                 if (gi)
47                         for (i = 0; i < cred.cr_group_info->ngroups; i++) {
48                                 if (!GROUP_AT(cred.cr_group_info, i))
49                                         GROUP_AT(gi, i) = exp->ex_anon_gid;
50                                 else
51                                         GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
52                         }
53                 cred.cr_group_info = gi;
54         } else
55                 get_group_info(cred.cr_group_info);
56
57         if (cred.cr_uid != (uid_t) -1)
58                 current->fsuid = cred.cr_uid;
59         else
60                 current->fsuid = exp->ex_anon_uid;
61         if (cred.cr_gid != (gid_t) -1)
62                 current->fsgid = cred.cr_gid;
63         else
64                 current->fsgid = exp->ex_anon_gid;
65
66         if (!cred.cr_group_info)
67                 return -ENOMEM;
68         ret = set_current_groups(cred.cr_group_info);
69         put_group_info(cred.cr_group_info);
70         if ((cred.cr_uid)) {
71                 current->cap_effective =
72                         cap_drop_nfsd_set(current->cap_effective);
73         } else {
74                 current->cap_effective =
75                         cap_raise_nfsd_set(current->cap_effective,
76                                            current->cap_permitted);
77         }
78         return ret;
79 }