X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fsunrpc%2Fsvcauth.c;h=c7bb5f7f21a587213a4003ec1f5218492a579d3d;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=db78e727d1ebf429a810435fd23941c6527f1c8e;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git diff --git a/net/sunrpc/svcauth.c b/net/sunrpc/svcauth.c index db78e727d..c7bb5f7f2 100644 --- a/net/sunrpc/svcauth.c +++ b/net/sunrpc/svcauth.c @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -27,31 +28,42 @@ extern struct auth_ops svcauth_null; extern struct auth_ops svcauth_unix; +static DEFINE_SPINLOCK(authtab_lock); static struct auth_ops *authtab[RPC_AUTH_MAXFLAVOR] = { [0] = &svcauth_null, [1] = &svcauth_unix, }; int -svc_authenticate(struct svc_rqst *rqstp, u32 *authp) +svc_authenticate(struct svc_rqst *rqstp, __be32 *authp) { rpc_authflavor_t flavor; struct auth_ops *aops; *authp = rpc_auth_ok; - flavor = ntohl(svc_getu32(&rqstp->rq_arg.head[0])); + flavor = svc_getnl(&rqstp->rq_arg.head[0]); dprintk("svc: svc_authenticate (%d)\n", flavor); - if (flavor >= RPC_AUTH_MAXFLAVOR || !(aops = authtab[flavor])) { + + spin_lock(&authtab_lock); + if (flavor >= RPC_AUTH_MAXFLAVOR || !(aops = authtab[flavor]) + || !try_module_get(aops->owner)) { + spin_unlock(&authtab_lock); *authp = rpc_autherr_badcred; return SVC_DENIED; } + spin_unlock(&authtab_lock); rqstp->rq_authop = aops; return aops->accept(rqstp, authp); } +int svc_set_client(struct svc_rqst *rqstp) +{ + return rqstp->rq_authop->set_client(rqstp); +} + /* A request, which was authenticated, has now executed. * Time to finalise the the credentials and verifier * and release and resources @@ -63,110 +75,87 @@ int svc_authorise(struct svc_rqst *rqstp) rqstp->rq_authop = NULL; - if (aops) + if (aops) { rv = aops->release(rqstp); - - /* FIXME should I count and release authops */ + module_put(aops->owner); + } return rv; } int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops) { - if (flavor >= RPC_AUTH_MAXFLAVOR || authtab[flavor]) - return -EINVAL; - authtab[flavor] = aops; - return 0; + int rv = -EINVAL; + spin_lock(&authtab_lock); + if (flavor < RPC_AUTH_MAXFLAVOR && authtab[flavor] == NULL) { + authtab[flavor] = aops; + rv = 0; + } + spin_unlock(&authtab_lock); + return rv; } void svc_auth_unregister(rpc_authflavor_t flavor) { + spin_lock(&authtab_lock); if (flavor < RPC_AUTH_MAXFLAVOR) authtab[flavor] = NULL; + spin_unlock(&authtab_lock); } +EXPORT_SYMBOL(svc_auth_unregister); /************************************************** - * cache for domain name to auth_domain - * Entries are only added by flavours which will normally - * have a structure that 'inherits' from auth_domain. - * e.g. when an IP -> domainname is given to auth_unix, - * and the domain name doesn't exist, it will create a - * auth_unix_domain and add it to this hash table. - * If it finds the name does exist, but isn't AUTH_UNIX, - * it will complain. + * 'auth_domains' are stored in a hash table indexed by name. + * When the last reference to an 'auth_domain' is dropped, + * the object is unhashed and freed. + * If auth_domain_lookup fails to find an entry, it will return + * it's second argument 'new'. If this is non-null, it will + * have been atomically linked into the table. */ -/* - * Auth auth_domain cache is somewhat different to other caches, - * largely because the entries are possibly of different types: - * each auth flavour has it's own type. - * One consequence of this that DefineCacheLookup cannot - * allocate a new structure as it cannot know the size. - * Notice that the "INIT" code fragment is quite different - * from other caches. When auth_domain_lookup might be - * creating a new domain, the new domain is passed in - * complete and it is used as-is rather than being copied into - * another structure. - */ #define DN_HASHBITS 6 #define DN_HASHMAX (1<flavour]->domain_release(dom); -} - - -struct cache_detail auth_domain_cache = { - .hash_size = DN_HASHMAX, - .hash_table = auth_domain_table, - .name = "auth.domain", - .cache_put = auth_domain_drop, -}; +static struct hlist_head auth_domain_table[DN_HASHMAX]; +static spinlock_t auth_domain_lock = + __SPIN_LOCK_UNLOCKED(auth_domain_lock); void auth_domain_put(struct auth_domain *dom) { - auth_domain_drop(&dom->h, &auth_domain_cache); + if (atomic_dec_and_lock(&dom->ref.refcount, &auth_domain_lock)) { + hlist_del(&dom->hash); + dom->flavour->domain_release(dom); + spin_unlock(&auth_domain_lock); + } } -static inline int auth_domain_hash(struct auth_domain *item) -{ - return hash_str(item->name, DN_HASHBITS); -} -static inline int auth_domain_match(struct auth_domain *tmp, struct auth_domain *item) +struct auth_domain * +auth_domain_lookup(char *name, struct auth_domain *new) { - return strcmp(tmp->name, item->name) == 0; + struct auth_domain *hp; + struct hlist_head *head; + struct hlist_node *np; + + head = &auth_domain_table[hash_str(name, DN_HASHBITS)]; + + spin_lock(&auth_domain_lock); + + hlist_for_each_entry(hp, np, head, hash) { + if (strcmp(hp->name, name)==0) { + kref_get(&hp->ref); + spin_unlock(&auth_domain_lock); + return hp; + } + } + if (new) + hlist_add_head(&new->hash, head); + spin_unlock(&auth_domain_lock); + return new; } -DefineCacheLookup(struct auth_domain, - h, - auth_domain_lookup, - (struct auth_domain *item, int set), - /* no setup */, - &auth_domain_cache, - auth_domain_hash(item), - auth_domain_match(tmp, item), - kfree(new); if(!set) { - if (new) - write_unlock(&auth_domain_cache.hash_lock); - else - read_unlock(&auth_domain_cache.hash_lock); - return NULL; - } - new=item; atomic_inc(&new->h.refcnt), - /* no update */, - 0 /* no inplace updates */ - ) struct auth_domain *auth_domain_find(char *name) { - struct auth_domain *rv, ad; - - ad.name = name; - rv = auth_domain_lookup(&ad, 0); - return rv; + return auth_domain_lookup(name, NULL); }