| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Oct 2007 12:20:37 -0400
From: "J. Bruce Fields" <bfields@...ldses.org>
To: Aurélien Charbon <aurelien.charbon@....bull.net>
Cc: Brian Haley <brian.haley@...com>,
netdev ML <netdev@...r.kernel.org>,
Mailing list NFSv4 <nfsv4@...ux-nfs.org>
Subject: Re: [PATCH 2/2] NFS: handle IPv6 addresses in nfs ctl
On Wed, Oct 31, 2007 at 10:06:18AM +0100, Aurélien Charbon wrote:
> Thank you Brian
> Sorry, I did not see what you sent.
>
> I have tested it with an IPv4 configuration. It's OK.
> So Neil, Bruce, you can take this one for review.
Did you miss Neil's question about the nfsctl stuff? (Do we really need
that, or would the changes to the ip_map cache be sufficient?)--b.
>
> fs/nfsd/export.c | 9 ++-
> fs/nfsd/nfsctl.c | 42 ++++++++++++--
> include/linux/sunrpc/svcauth.h | 5 +
> include/net/ipv6.h | 10 +++
> net/sunrpc/svcauth_unix.c | 118
> +++++++++++++++++++++++++++--------------
> 5 files changed, 134 insertions(+), 50 deletions(-)
>
> Signed-off-by: Brian Haley <brian.haley@...com>
> Signed-off-by: Aurelien Charbon <aurelien.charbon@...l.net>
>
> ---
>
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index 66d0aeb..c47ba77 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -35,6 +35,7 @@
> #include <linux/lockd/bind.h>
> #include <linux/sunrpc/msg_prot.h>
> #include <linux/sunrpc/gss_api.h>
> +#include <net/ipv6.h>
> #define NFSDDBG_FACILITY NFSDDBG_EXPORT
> @@ -1556,6 +1557,7 @@ exp_addclient(struct nfsctl_client *ncp)
> {
> struct auth_domain *dom;
> int i, err;
> + struct in6_addr in6;
> /* First, consistency check. */
> err = -EINVAL;
> @@ -1574,9 +1576,10 @@ exp_addclient(struct nfsctl_client *ncp)
> goto out_unlock;
> /* Insert client into hashtable. */
> - for (i = 0; i < ncp->cl_naddr; i++)
> - auth_unix_add_addr(ncp->cl_addrlist[i], dom);
> -
> + for (i = 0; i < ncp->cl_naddr; i++) {
> + ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &in6);
> + auth_unix_add_addr(&in6, dom);
> + }
> auth_unix_forget_old(dom);
> auth_domain_put(dom);
> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
> index 77dc989..5cb5f0d 100644
> --- a/fs/nfsd/nfsctl.c
> +++ b/fs/nfsd/nfsctl.c
> @@ -37,6 +37,7 @@
> #include <linux/nfsd/syscall.h>
> #include <asm/uaccess.h>
> +#include <net/ipv6.h>
> /*
> * We have a single directory with 9 nodes in it.
> @@ -219,24 +220,37 @@ static ssize_t write_getfs(struct file *file, char
> *buf, size_t size)
> {
> struct nfsctl_fsparm *data;
> struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6;
> struct auth_domain *clp;
> int err = 0;
> struct knfsd_fh *res;
> + struct in6_addr in6;
> if (size < sizeof(*data))
> return -EINVAL;
> data = (struct nfsctl_fsparm*)buf;
> err = -EPROTONOSUPPORT;
> - if (data->gd_addr.sa_family != AF_INET)
> + switch (data->gd_addr.sa_family) {
> + case AF_INET:
> + sin = (struct sockaddr_in *)&data->gd_addr;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &in6);
> + break;
> + case AF_INET6:
> + sin6 = (struct sockaddr_in6 *)&data->gd_addr;
> + ipv6_addr_copy(&in6, &sin6->sin6_addr);
> + break;
> + default:
> goto out;
> - sin = (struct sockaddr_in *)&data->gd_addr;
> + }
> +
> if (data->gd_maxlen > NFS3_FHSIZE)
> data->gd_maxlen = NFS3_FHSIZE;
> res = (struct knfsd_fh*)buf;
> exp_readlock();
> - if (!(clp = auth_unix_lookup(sin->sin_addr)))
> +
> + if (!(clp = auth_unix_lookup(&in6)))
> err = -EPERM;
> else {
> err = exp_rootfh(clp, data->gd_path, res, data->gd_maxlen);
> @@ -253,25 +267,41 @@ static ssize_t write_getfd(struct file *file, char
> *buf, size_t size)
> {
> struct nfsctl_fdparm *data;
> struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6;
> struct auth_domain *clp;
> int err = 0;
> struct knfsd_fh fh;
> char *res;
> + struct in6_addr in6;
> if (size < sizeof(*data))
> return -EINVAL;
> data = (struct nfsctl_fdparm*)buf;
> err = -EPROTONOSUPPORT;
> - if (data->gd_addr.sa_family != AF_INET)
> + if (data->gd_addr.sa_family != AF_INET &&
> + data->gd_addr.sa_family != AF_INET6)
> goto out;
> err = -EINVAL;
> if (data->gd_version < 2 || data->gd_version > NFSSVC_MAXVERS)
> goto out;
> res = buf;
> - sin = (struct sockaddr_in *)&data->gd_addr;
> exp_readlock();
> - if (!(clp = auth_unix_lookup(sin->sin_addr)))
> +
> + switch (data->gd_addr.sa_family) {
> + case AF_INET:
> + sin = (struct sockaddr_in *)&data->gd_addr;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &in6);
> + break;
> + case AF_INET6:
> + sin6 = (struct sockaddr_in6 *)&data->gd_addr;
> + ipv6_addr_copy(&in6, &sin6->sin6_addr);
> + break;
> + default:
> + goto out;
> + }
> +
> + if (!(clp = auth_unix_lookup(&in6)))
> err = -EPERM;
> else {
> err = exp_rootfh(clp, data->gd_path, &fh, NFS_FHSIZE);
> diff --git a/include/linux/sunrpc/svcauth.h
> b/include/linux/sunrpc/svcauth.h
> index 22e1ef8..64ecb93 100644
> --- a/include/linux/sunrpc/svcauth.h
> +++ b/include/linux/sunrpc/svcauth.h
> @@ -15,6 +15,7 @@
> #include <linux/sunrpc/msg_prot.h>
> #include <linux/sunrpc/cache.h>
> #include <linux/hash.h>
> +#include <net/ipv6.h>
> #define SVC_CRED_NGROUPS 32
> struct svc_cred {
> @@ -120,10 +121,10 @@ extern void svc_auth_unregister(rpc_authflavor_t
> flavor);
> extern struct auth_domain *unix_domain_find(char *name);
> extern void auth_domain_put(struct auth_domain *item);
> -extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain
> *dom);
> +extern int auth_unix_add_addr(struct in6_addr *addr, struct auth_domain
> *dom);
> extern struct auth_domain *auth_domain_lookup(char *name, struct
> auth_domain *new);
> extern struct auth_domain *auth_domain_find(char *name);
> -extern struct auth_domain *auth_unix_lookup(struct in_addr addr);
> +extern struct auth_domain *auth_unix_lookup(struct in6_addr *addr);
> extern int auth_unix_forget_old(struct auth_domain *dom);
> extern void svcauth_unix_purge(void);
> extern void svcauth_unix_info_release(void *);
> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
> index ae328b6..366fdca 100644
> --- a/include/net/ipv6.h
> +++ b/include/net/ipv6.h
> @@ -16,6 +16,7 @@
> #define _NET_IPV6_H
> #include <linux/ipv6.h>
> +#include <linux/in.h>
> #include <linux/hardirq.h>
> #include <net/if_inet6.h>
> #include <net/ndisc.h>
> @@ -400,6 +401,15 @@ static inline int ipv6_addr_v4mapped(const struct
> in6_addr *a)
> a->s6_addr32[2] == htonl(0x0000ffff));
> }
> +static inline void ipv6_addr_set_v4mapped(const __be32 addr,
> + struct in6_addr *v4mapped)
> +{
> + ipv6_addr_set(v4mapped,
> + 0, 0,
> + __constant_htonl(0x0000FFFF),
> + addr);
> +}
> +
> /*
> * find the first different bit between two addresses
> * length of address must be a multiple of 32bits
> diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
> index 4114794..a40d769 100644
> --- a/net/sunrpc/svcauth_unix.c
> +++ b/net/sunrpc/svcauth_unix.c
> @@ -11,6 +11,7 @@
> #include <linux/hash.h>
> #include <linux/string.h>
> #include <net/sock.h>
> +#include <net/ipv6.h>
> #define RPCDBG_FACILITY RPCDBG_AUTH
> @@ -84,7 +85,7 @@ static void svcauth_unix_domain_release(struct
> auth_domain *dom)
> struct ip_map {
> struct cache_head h;
> char m_class[8]; /* e.g. "nfsd" */
> - struct in_addr m_addr;
> + struct in6_addr m_addr;
> struct unix_domain *m_client;
> int m_add_change;
> };
> @@ -101,7 +102,6 @@ static void ip_map_put(struct kref *kref)
> kfree(im);
> }
> -#if IP_HASHBITS == 8
> /* hash_long on a 64 bit machine is currently REALLY BAD for
> * IP addresses in reverse-endian (i.e. on a little-endian machine).
> * So use a trivial but reliable hash instead
> @@ -111,13 +111,20 @@ static inline int hash_ip(__be32 ip)
> int hash = (__force u32)ip ^ ((__force u32)ip>>16);
> return (hash ^ (hash>>8)) & 0xff;
> }
> -#endif
> +
> +static inline int hash_ip6(struct in6_addr *ip6)
> +{
> + return (hash_ip(ip6->s6_addr32[0]) ^
> + hash_ip(ip6->s6_addr32[1]) ^
> + hash_ip(ip6->s6_addr32[2]) ^
> + hash_ip(ip6->s6_addr32[3]));
> +}
> static int ip_map_match(struct cache_head *corig, struct cache_head *cnew)
> {
> struct ip_map *orig = container_of(corig, struct ip_map, h);
> struct ip_map *new = container_of(cnew, struct ip_map, h);
> return strcmp(orig->m_class, new->m_class) == 0
> - && orig->m_addr.s_addr == new->m_addr.s_addr;
> + && ipv6_addr_equal(&orig->m_addr, &new->m_addr);
> }
> static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
> {
> @@ -125,7 +132,7 @@ static void ip_map_init(struct cache_head *cnew, struct
> cache_head *citem)
> struct ip_map *item = container_of(citem, struct ip_map, h);
> strcpy(new->m_class, item->m_class);
> - new->m_addr.s_addr = item->m_addr.s_addr;
> + ipv6_addr_copy(&new->m_addr, &item->m_addr);
> }
> static void update(struct cache_head *cnew, struct cache_head *citem)
> {
> @@ -149,22 +156,24 @@ static void ip_map_request(struct cache_detail *cd,
> struct cache_head *h,
> char **bpp, int *blen)
> {
> - char text_addr[20];
> + char text_addr[40];
> struct ip_map *im = container_of(h, struct ip_map, h);
> - __be32 addr = im->m_addr.s_addr;
> -
> - snprintf(text_addr, 20, "%u.%u.%u.%u",
> - ntohl(addr) >> 24 & 0xff,
> - ntohl(addr) >> 16 & 0xff,
> - ntohl(addr) >> 8 & 0xff,
> - ntohl(addr) >> 0 & 0xff);
> + if (ipv6_addr_v4mapped(&(im->m_addr))) {
> + snprintf(text_addr, 20, NIPQUAD_FMT,
> + ntohl(im->m_addr.s6_addr32[3]) >> 24 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 16 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 8 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 0 & 0xff);
> + } else {
> + snprintf(text_addr, 40, NIP6_FMT, NIP6(im->m_addr));
> + }
> qword_add(bpp, blen, im->m_class);
> qword_add(bpp, blen, text_addr);
> (*bpp)[-1] = '\n';
> }
> -static struct ip_map *ip_map_lookup(char *class, struct in_addr addr);
> +static struct ip_map *ip_map_lookup(char *class, struct in6_addr *addr);
> static int ip_map_update(struct ip_map *ipm, struct unix_domain *udom,
> time_t expiry);
> static int ip_map_parse(struct cache_detail *cd,
> @@ -175,10 +184,10 @@ static int ip_map_parse(struct cache_detail *cd,
> * for scratch: */
> char *buf = mesg;
> int len;
> - int b1,b2,b3,b4;
> + int b1, b2, b3, b4, b5, b6, b7, b8;
> char c;
> char class[8];
> - struct in_addr addr;
> + struct in6_addr addr6;
> int err;
> struct ip_map *ipmp;
> @@ -197,7 +206,23 @@ static int ip_map_parse(struct cache_detail *cd,
> len = qword_get(&mesg, buf, mlen);
> if (len <= 0) return -EINVAL;
> - if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
> + if (sscanf(buf, NIPQUAD_FMT "%c", &b1, &b2, &b3, &b4, &c) == 4) {
> + addr6.s6_addr32[0] = 0;
> + addr6.s6_addr32[1] = 0;
> + addr6.s6_addr32[2] = htonl(0xffff);
> + addr6.s6_addr32[3] =
> + htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
> + } else if (sscanf(buf, NIP6_FMT "%c",
> + &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &c) == 8) {
> + addr6.s6_addr16[0] = htons(b1);
> + addr6.s6_addr16[1] = htons(b2);
> + addr6.s6_addr16[2] = htons(b3);
> + addr6.s6_addr16[3] = htons(b4);
> + addr6.s6_addr16[4] = htons(b5);
> + addr6.s6_addr16[5] = htons(b6);
> + addr6.s6_addr16[6] = htons(b7);
> + addr6.s6_addr16[7] = htons(b8);
> + } else
> return -EINVAL;
> expiry = get_expiry(&mesg);
> @@ -215,10 +240,7 @@ static int ip_map_parse(struct cache_detail *cd,
> } else
> dom = NULL;
> - addr.s_addr =
> - htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
> -
> - ipmp = ip_map_lookup(class,addr);
> + ipmp = ip_map_lookup(class, &addr6);
> if (ipmp) {
> err = ip_map_update(ipmp,
> container_of(dom, struct unix_domain, h),
> @@ -238,7 +260,7 @@ static int ip_map_show(struct seq_file *m,
> struct cache_head *h)
> {
> struct ip_map *im;
> - struct in_addr addr;
> + struct in6_addr addr6;
> char *dom = "-no-domain-";
> if (h == NULL) {
> @@ -247,20 +269,24 @@ static int ip_map_show(struct seq_file *m,
> }
> im = container_of(h, struct ip_map, h);
> /* class addr domain */
> - addr = im->m_addr;
> + ipv6_addr_copy(&addr6, &im->m_addr);
> if (test_bit(CACHE_VALID, &h->flags) &&
> !test_bit(CACHE_NEGATIVE, &h->flags))
> dom = im->m_client->h.name;
> - seq_printf(m, "%s %d.%d.%d.%d %s\n",
> - im->m_class,
> - ntohl(addr.s_addr) >> 24 & 0xff,
> - ntohl(addr.s_addr) >> 16 & 0xff,
> - ntohl(addr.s_addr) >> 8 & 0xff,
> - ntohl(addr.s_addr) >> 0 & 0xff,
> - dom
> - );
> + if (ipv6_addr_v4mapped(&addr6)) {
> + seq_printf(m, "%s" NIPQUAD_FMT "%s\n",
> + im->m_class,
> + ntohl(addr6.s6_addr32[3]) >> 24 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 16 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 8 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 0 & 0xff,
> + dom);
> + } else {
> + seq_printf(m, "%s" NIP6_FMT "%s\n",
> + im->m_class, NIP6(addr6), dom);
> + }
> return 0;
> }
> @@ -280,16 +306,16 @@ struct cache_detail ip_map_cache = {
> .alloc = ip_map_alloc,
> };
> -static struct ip_map *ip_map_lookup(char *class, struct in_addr addr)
> +static struct ip_map *ip_map_lookup(char *class, struct in6_addr *addr)
> {
> struct ip_map ip;
> struct cache_head *ch;
> strcpy(ip.m_class, class);
> - ip.m_addr = addr;
> + ipv6_addr_copy(&ip.m_addr, addr);
> ch = sunrpc_cache_lookup(&ip_map_cache, &ip.h,
> hash_str(class, IP_HASHBITS) ^
> - hash_ip(addr.s_addr));
> + hash_ip6(addr));
> if (ch)
> return container_of(ch, struct ip_map, h);
> @@ -318,14 +344,14 @@ static int ip_map_update(struct ip_map *ipm, struct
> unix_domain *udom, time_t ex
> ch = sunrpc_cache_update(&ip_map_cache,
> &ip.h, &ipm->h,
> hash_str(ipm->m_class, IP_HASHBITS) ^
> - hash_ip(ipm->m_addr.s_addr));
> + hash_ip6(&ipm->m_addr));
> if (!ch)
> return -ENOMEM;
> cache_put(ch, &ip_map_cache);
> return 0;
> }
> -int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom)
> +int auth_unix_add_addr(struct in6_addr *addr, struct auth_domain *dom)
> {
> struct unix_domain *udom;
> struct ip_map *ipmp;
> @@ -352,7 +378,7 @@ int auth_unix_forget_old(struct auth_domain *dom)
> return 0;
> }
> -struct auth_domain *auth_unix_lookup(struct in_addr addr)
> +struct auth_domain *auth_unix_lookup(struct in6_addr *addr)
> {
> struct ip_map *ipm;
> struct auth_domain *rv;
> @@ -641,9 +667,23 @@ static int unix_gid_find(uid_t uid, struct group_info
> **gip,
> int
> svcauth_unix_set_client(struct svc_rqst *rqstp)
> {
> - struct sockaddr_in *sin = svc_addr_in(rqstp);
> + struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6, sin6_storage;
> struct ip_map *ipm;
> + switch (rqstp->rq_addr.ss_family) {
> + case AF_INET:
> + sin = svc_addr_in(rqstp);
> + sin6 = &sin6_storage;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr);
> + break;
> + case AF_INET6:
> + sin6 = svc_addr_in6(rqstp);
> + break;
> + default:
> + BUG();
> + }
> +
> rqstp->rq_client = NULL;
> if (rqstp->rq_proc == 0)
> return SVC_OK;
> @@ -651,7 +691,7 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
> ipm = ip_map_cached_get(rqstp);
> if (ipm == NULL)
> ipm = ip_map_lookup(rqstp->rq_server->sv_program->pg_class,
> - sin->sin_addr);
> + &sin6->sin6_addr);
> if (ipm == NULL)
> return SVC_DENIED;
>
>
> --
>
> ********************************
> Aurelien Charbon
> Linux NFSv4 team
> Bull SAS
> Echirolles - France
> http://nfsv4.bullopensource.org/
> ********************************
>
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index 66d0aeb..c47ba77 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -35,6 +35,7 @@
> #include <linux/lockd/bind.h>
> #include <linux/sunrpc/msg_prot.h>
> #include <linux/sunrpc/gss_api.h>
> +#include <net/ipv6.h>
>
> #define NFSDDBG_FACILITY NFSDDBG_EXPORT
>
> @@ -1556,6 +1557,7 @@ exp_addclient(struct nfsctl_client *ncp)
> {
> struct auth_domain *dom;
> int i, err;
> + struct in6_addr in6;
>
> /* First, consistency check. */
> err = -EINVAL;
> @@ -1574,9 +1576,10 @@ exp_addclient(struct nfsctl_client *ncp)
> goto out_unlock;
>
> /* Insert client into hashtable. */
> - for (i = 0; i < ncp->cl_naddr; i++)
> - auth_unix_add_addr(ncp->cl_addrlist[i], dom);
> -
> + for (i = 0; i < ncp->cl_naddr; i++) {
> + ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &in6);
> + auth_unix_add_addr(&in6, dom);
> + }
> auth_unix_forget_old(dom);
> auth_domain_put(dom);
>
> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
> index 77dc989..5cb5f0d 100644
> --- a/fs/nfsd/nfsctl.c
> +++ b/fs/nfsd/nfsctl.c
> @@ -37,6 +37,7 @@
> #include <linux/nfsd/syscall.h>
>
> #include <asm/uaccess.h>
> +#include <net/ipv6.h>
>
> /*
> * We have a single directory with 9 nodes in it.
> @@ -219,24 +220,37 @@ static ssize_t write_getfs(struct file *file, char *buf, size_t size)
> {
> struct nfsctl_fsparm *data;
> struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6;
> struct auth_domain *clp;
> int err = 0;
> struct knfsd_fh *res;
> + struct in6_addr in6;
>
> if (size < sizeof(*data))
> return -EINVAL;
> data = (struct nfsctl_fsparm*)buf;
> err = -EPROTONOSUPPORT;
> - if (data->gd_addr.sa_family != AF_INET)
> + switch (data->gd_addr.sa_family) {
> + case AF_INET:
> + sin = (struct sockaddr_in *)&data->gd_addr;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &in6);
> + break;
> + case AF_INET6:
> + sin6 = (struct sockaddr_in6 *)&data->gd_addr;
> + ipv6_addr_copy(&in6, &sin6->sin6_addr);
> + break;
> + default:
> goto out;
> - sin = (struct sockaddr_in *)&data->gd_addr;
> + }
> +
> if (data->gd_maxlen > NFS3_FHSIZE)
> data->gd_maxlen = NFS3_FHSIZE;
>
> res = (struct knfsd_fh*)buf;
>
> exp_readlock();
> - if (!(clp = auth_unix_lookup(sin->sin_addr)))
> +
> + if (!(clp = auth_unix_lookup(&in6)))
> err = -EPERM;
> else {
> err = exp_rootfh(clp, data->gd_path, res, data->gd_maxlen);
> @@ -253,25 +267,41 @@ static ssize_t write_getfd(struct file *file, char *buf, size_t size)
> {
> struct nfsctl_fdparm *data;
> struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6;
> struct auth_domain *clp;
> int err = 0;
> struct knfsd_fh fh;
> char *res;
> + struct in6_addr in6;
>
> if (size < sizeof(*data))
> return -EINVAL;
> data = (struct nfsctl_fdparm*)buf;
> err = -EPROTONOSUPPORT;
> - if (data->gd_addr.sa_family != AF_INET)
> + if (data->gd_addr.sa_family != AF_INET &&
> + data->gd_addr.sa_family != AF_INET6)
> goto out;
> err = -EINVAL;
> if (data->gd_version < 2 || data->gd_version > NFSSVC_MAXVERS)
> goto out;
>
> res = buf;
> - sin = (struct sockaddr_in *)&data->gd_addr;
> exp_readlock();
> - if (!(clp = auth_unix_lookup(sin->sin_addr)))
> +
> + switch (data->gd_addr.sa_family) {
> + case AF_INET:
> + sin = (struct sockaddr_in *)&data->gd_addr;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &in6);
> + break;
> + case AF_INET6:
> + sin6 = (struct sockaddr_in6 *)&data->gd_addr;
> + ipv6_addr_copy(&in6, &sin6->sin6_addr);
> + break;
> + default:
> + goto out;
> + }
> +
> + if (!(clp = auth_unix_lookup(&in6)))
> err = -EPERM;
> else {
> err = exp_rootfh(clp, data->gd_path, &fh, NFS_FHSIZE);
> diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
> index 22e1ef8..64ecb93 100644
> --- a/include/linux/sunrpc/svcauth.h
> +++ b/include/linux/sunrpc/svcauth.h
> @@ -15,6 +15,7 @@
> #include <linux/sunrpc/msg_prot.h>
> #include <linux/sunrpc/cache.h>
> #include <linux/hash.h>
> +#include <net/ipv6.h>
>
> #define SVC_CRED_NGROUPS 32
> struct svc_cred {
> @@ -120,10 +121,10 @@ extern void svc_auth_unregister(rpc_authflavor_t flavor);
>
> extern struct auth_domain *unix_domain_find(char *name);
> extern void auth_domain_put(struct auth_domain *item);
> -extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom);
> +extern int auth_unix_add_addr(struct in6_addr *addr, struct auth_domain *dom);
> extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new);
> extern struct auth_domain *auth_domain_find(char *name);
> -extern struct auth_domain *auth_unix_lookup(struct in_addr addr);
> +extern struct auth_domain *auth_unix_lookup(struct in6_addr *addr);
> extern int auth_unix_forget_old(struct auth_domain *dom);
> extern void svcauth_unix_purge(void);
> extern void svcauth_unix_info_release(void *);
> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
> index ae328b6..366fdca 100644
> --- a/include/net/ipv6.h
> +++ b/include/net/ipv6.h
> @@ -16,6 +16,7 @@
> #define _NET_IPV6_H
>
> #include <linux/ipv6.h>
> +#include <linux/in.h>
> #include <linux/hardirq.h>
> #include <net/if_inet6.h>
> #include <net/ndisc.h>
> @@ -400,6 +401,15 @@ static inline int ipv6_addr_v4mapped(const struct in6_addr *a)
> a->s6_addr32[2] == htonl(0x0000ffff));
> }
>
> +static inline void ipv6_addr_set_v4mapped(const __be32 addr,
> + struct in6_addr *v4mapped)
> +{
> + ipv6_addr_set(v4mapped,
> + 0, 0,
> + __constant_htonl(0x0000FFFF),
> + addr);
> +}
> +
> /*
> * find the first different bit between two addresses
> * length of address must be a multiple of 32bits
> diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
> index 4114794..a40d769 100644
> --- a/net/sunrpc/svcauth_unix.c
> +++ b/net/sunrpc/svcauth_unix.c
> @@ -11,6 +11,7 @@
> #include <linux/hash.h>
> #include <linux/string.h>
> #include <net/sock.h>
> +#include <net/ipv6.h>
>
> #define RPCDBG_FACILITY RPCDBG_AUTH
>
> @@ -84,7 +85,7 @@ static void svcauth_unix_domain_release(struct auth_domain *dom)
> struct ip_map {
> struct cache_head h;
> char m_class[8]; /* e.g. "nfsd" */
> - struct in_addr m_addr;
> + struct in6_addr m_addr;
> struct unix_domain *m_client;
> int m_add_change;
> };
> @@ -101,7 +102,6 @@ static void ip_map_put(struct kref *kref)
> kfree(im);
> }
>
> -#if IP_HASHBITS == 8
> /* hash_long on a 64 bit machine is currently REALLY BAD for
> * IP addresses in reverse-endian (i.e. on a little-endian machine).
> * So use a trivial but reliable hash instead
> @@ -111,13 +111,20 @@ static inline int hash_ip(__be32 ip)
> int hash = (__force u32)ip ^ ((__force u32)ip>>16);
> return (hash ^ (hash>>8)) & 0xff;
> }
> -#endif
> +
> +static inline int hash_ip6(struct in6_addr *ip6)
> +{
> + return (hash_ip(ip6->s6_addr32[0]) ^
> + hash_ip(ip6->s6_addr32[1]) ^
> + hash_ip(ip6->s6_addr32[2]) ^
> + hash_ip(ip6->s6_addr32[3]));
> +}
> static int ip_map_match(struct cache_head *corig, struct cache_head *cnew)
> {
> struct ip_map *orig = container_of(corig, struct ip_map, h);
> struct ip_map *new = container_of(cnew, struct ip_map, h);
> return strcmp(orig->m_class, new->m_class) == 0
> - && orig->m_addr.s_addr == new->m_addr.s_addr;
> + && ipv6_addr_equal(&orig->m_addr, &new->m_addr);
> }
> static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
> {
> @@ -125,7 +132,7 @@ static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
> struct ip_map *item = container_of(citem, struct ip_map, h);
>
> strcpy(new->m_class, item->m_class);
> - new->m_addr.s_addr = item->m_addr.s_addr;
> + ipv6_addr_copy(&new->m_addr, &item->m_addr);
> }
> static void update(struct cache_head *cnew, struct cache_head *citem)
> {
> @@ -149,22 +156,24 @@ static void ip_map_request(struct cache_detail *cd,
> struct cache_head *h,
> char **bpp, int *blen)
> {
> - char text_addr[20];
> + char text_addr[40];
> struct ip_map *im = container_of(h, struct ip_map, h);
> - __be32 addr = im->m_addr.s_addr;
> -
> - snprintf(text_addr, 20, "%u.%u.%u.%u",
> - ntohl(addr) >> 24 & 0xff,
> - ntohl(addr) >> 16 & 0xff,
> - ntohl(addr) >> 8 & 0xff,
> - ntohl(addr) >> 0 & 0xff);
>
> + if (ipv6_addr_v4mapped(&(im->m_addr))) {
> + snprintf(text_addr, 20, NIPQUAD_FMT,
> + ntohl(im->m_addr.s6_addr32[3]) >> 24 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 16 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 8 & 0xff,
> + ntohl(im->m_addr.s6_addr32[3]) >> 0 & 0xff);
> + } else {
> + snprintf(text_addr, 40, NIP6_FMT, NIP6(im->m_addr));
> + }
> qword_add(bpp, blen, im->m_class);
> qword_add(bpp, blen, text_addr);
> (*bpp)[-1] = '\n';
> }
>
> -static struct ip_map *ip_map_lookup(char *class, struct in_addr addr);
> +static struct ip_map *ip_map_lookup(char *class, struct in6_addr *addr);
> static int ip_map_update(struct ip_map *ipm, struct unix_domain *udom, time_t expiry);
>
> static int ip_map_parse(struct cache_detail *cd,
> @@ -175,10 +184,10 @@ static int ip_map_parse(struct cache_detail *cd,
> * for scratch: */
> char *buf = mesg;
> int len;
> - int b1,b2,b3,b4;
> + int b1, b2, b3, b4, b5, b6, b7, b8;
> char c;
> char class[8];
> - struct in_addr addr;
> + struct in6_addr addr6;
> int err;
>
> struct ip_map *ipmp;
> @@ -197,7 +206,23 @@ static int ip_map_parse(struct cache_detail *cd,
> len = qword_get(&mesg, buf, mlen);
> if (len <= 0) return -EINVAL;
>
> - if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
> + if (sscanf(buf, NIPQUAD_FMT "%c", &b1, &b2, &b3, &b4, &c) == 4) {
> + addr6.s6_addr32[0] = 0;
> + addr6.s6_addr32[1] = 0;
> + addr6.s6_addr32[2] = htonl(0xffff);
> + addr6.s6_addr32[3] =
> + htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
> + } else if (sscanf(buf, NIP6_FMT "%c",
> + &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &c) == 8) {
> + addr6.s6_addr16[0] = htons(b1);
> + addr6.s6_addr16[1] = htons(b2);
> + addr6.s6_addr16[2] = htons(b3);
> + addr6.s6_addr16[3] = htons(b4);
> + addr6.s6_addr16[4] = htons(b5);
> + addr6.s6_addr16[5] = htons(b6);
> + addr6.s6_addr16[6] = htons(b7);
> + addr6.s6_addr16[7] = htons(b8);
> + } else
> return -EINVAL;
>
> expiry = get_expiry(&mesg);
> @@ -215,10 +240,7 @@ static int ip_map_parse(struct cache_detail *cd,
> } else
> dom = NULL;
>
> - addr.s_addr =
> - htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
> -
> - ipmp = ip_map_lookup(class,addr);
> + ipmp = ip_map_lookup(class, &addr6);
> if (ipmp) {
> err = ip_map_update(ipmp,
> container_of(dom, struct unix_domain, h),
> @@ -238,7 +260,7 @@ static int ip_map_show(struct seq_file *m,
> struct cache_head *h)
> {
> struct ip_map *im;
> - struct in_addr addr;
> + struct in6_addr addr6;
> char *dom = "-no-domain-";
>
> if (h == NULL) {
> @@ -247,20 +269,24 @@ static int ip_map_show(struct seq_file *m,
> }
> im = container_of(h, struct ip_map, h);
> /* class addr domain */
> - addr = im->m_addr;
> + ipv6_addr_copy(&addr6, &im->m_addr);
>
> if (test_bit(CACHE_VALID, &h->flags) &&
> !test_bit(CACHE_NEGATIVE, &h->flags))
> dom = im->m_client->h.name;
>
> - seq_printf(m, "%s %d.%d.%d.%d %s\n",
> - im->m_class,
> - ntohl(addr.s_addr) >> 24 & 0xff,
> - ntohl(addr.s_addr) >> 16 & 0xff,
> - ntohl(addr.s_addr) >> 8 & 0xff,
> - ntohl(addr.s_addr) >> 0 & 0xff,
> - dom
> - );
> + if (ipv6_addr_v4mapped(&addr6)) {
> + seq_printf(m, "%s" NIPQUAD_FMT "%s\n",
> + im->m_class,
> + ntohl(addr6.s6_addr32[3]) >> 24 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 16 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 8 & 0xff,
> + ntohl(addr6.s6_addr32[3]) >> 0 & 0xff,
> + dom);
> + } else {
> + seq_printf(m, "%s" NIP6_FMT "%s\n",
> + im->m_class, NIP6(addr6), dom);
> + }
> return 0;
> }
>
> @@ -280,16 +306,16 @@ struct cache_detail ip_map_cache = {
> .alloc = ip_map_alloc,
> };
>
> -static struct ip_map *ip_map_lookup(char *class, struct in_addr addr)
> +static struct ip_map *ip_map_lookup(char *class, struct in6_addr *addr)
> {
> struct ip_map ip;
> struct cache_head *ch;
>
> strcpy(ip.m_class, class);
> - ip.m_addr = addr;
> + ipv6_addr_copy(&ip.m_addr, addr);
> ch = sunrpc_cache_lookup(&ip_map_cache, &ip.h,
> hash_str(class, IP_HASHBITS) ^
> - hash_ip(addr.s_addr));
> + hash_ip6(addr));
>
> if (ch)
> return container_of(ch, struct ip_map, h);
> @@ -318,14 +344,14 @@ static int ip_map_update(struct ip_map *ipm, struct unix_domain *udom, time_t ex
> ch = sunrpc_cache_update(&ip_map_cache,
> &ip.h, &ipm->h,
> hash_str(ipm->m_class, IP_HASHBITS) ^
> - hash_ip(ipm->m_addr.s_addr));
> + hash_ip6(&ipm->m_addr));
> if (!ch)
> return -ENOMEM;
> cache_put(ch, &ip_map_cache);
> return 0;
> }
>
> -int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom)
> +int auth_unix_add_addr(struct in6_addr *addr, struct auth_domain *dom)
> {
> struct unix_domain *udom;
> struct ip_map *ipmp;
> @@ -352,7 +378,7 @@ int auth_unix_forget_old(struct auth_domain *dom)
> return 0;
> }
>
> -struct auth_domain *auth_unix_lookup(struct in_addr addr)
> +struct auth_domain *auth_unix_lookup(struct in6_addr *addr)
> {
> struct ip_map *ipm;
> struct auth_domain *rv;
> @@ -641,9 +667,23 @@ static int unix_gid_find(uid_t uid, struct group_info **gip,
> int
> svcauth_unix_set_client(struct svc_rqst *rqstp)
> {
> - struct sockaddr_in *sin = svc_addr_in(rqstp);
> + struct sockaddr_in *sin;
> + struct sockaddr_in6 *sin6, sin6_storage;
> struct ip_map *ipm;
>
> + switch (rqstp->rq_addr.ss_family) {
> + case AF_INET:
> + sin = svc_addr_in(rqstp);
> + sin6 = &sin6_storage;
> + ipv6_addr_set_v4mapped(sin->sin_addr.s_addr, &sin6->sin6_addr);
> + break;
> + case AF_INET6:
> + sin6 = svc_addr_in6(rqstp);
> + break;
> + default:
> + BUG();
> + }
> +
> rqstp->rq_client = NULL;
> if (rqstp->rq_proc == 0)
> return SVC_OK;
> @@ -651,7 +691,7 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
> ipm = ip_map_cached_get(rqstp);
> if (ipm == NULL)
> ipm = ip_map_lookup(rqstp->rq_server->sv_program->pg_class,
> - sin->sin_addr);
> + &sin6->sin6_addr);
>
> if (ipm == NULL)
> return SVC_DENIED;
> _______________________________________________
> NFSv4 mailing list
> NFSv4@...ux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists