License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 08:07:57 -06:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* linux/include/linux/sunrpc/svcauth.h
|
|
|
|
|
*
|
|
|
|
|
* RPC server-side authentication stuff.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _LINUX_SUNRPC_SVCAUTH_H_
|
|
|
|
|
#define _LINUX_SUNRPC_SVCAUTH_H_
|
|
|
|
|
|
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
|
|
|
|
|
|
#include <linux/string.h>
|
|
|
|
|
#include <linux/sunrpc/msg_prot.h>
|
|
|
|
|
#include <linux/sunrpc/cache.h>
|
2013-05-14 14:07:13 -06:00
|
|
|
#include <linux/sunrpc/gss_api.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/hash.h>
|
2016-05-20 11:31:33 -06:00
|
|
|
#include <linux/stringhash.h>
|
2012-05-14 17:55:22 -06:00
|
|
|
#include <linux/cred.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
struct svc_cred {
|
2013-02-01 17:31:17 -07:00
|
|
|
kuid_t cr_uid;
|
|
|
|
|
kgid_t cr_gid;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct group_info *cr_group_info;
|
2012-05-14 20:06:49 -06:00
|
|
|
u32 cr_flavor; /* pseudoflavor */
|
2015-11-20 08:48:02 -07:00
|
|
|
/* name of form servicetype/hostname@REALM, passed down by
|
|
|
|
|
* gss-proxy: */
|
|
|
|
|
char *cr_raw_principal;
|
|
|
|
|
/* name of form servicetype@hostname, passed down by
|
|
|
|
|
* rpc.svcgssd, or computed from the above: */
|
|
|
|
|
char *cr_principal;
|
2018-08-16 10:05:59 -06:00
|
|
|
char *cr_targ_princ;
|
2013-05-14 14:07:13 -06:00
|
|
|
struct gss_api_mech *cr_gss_mech;
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
2013-05-14 14:53:40 -06:00
|
|
|
static inline void init_svc_cred(struct svc_cred *cred)
|
|
|
|
|
{
|
|
|
|
|
cred->cr_group_info = NULL;
|
2015-11-20 08:48:02 -07:00
|
|
|
cred->cr_raw_principal = NULL;
|
2013-05-14 14:53:40 -06:00
|
|
|
cred->cr_principal = NULL;
|
2018-08-16 10:05:59 -06:00
|
|
|
cred->cr_targ_princ = NULL;
|
2013-05-14 14:53:40 -06:00
|
|
|
cred->cr_gss_mech = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-14 17:55:22 -06:00
|
|
|
static inline void free_svc_cred(struct svc_cred *cred)
|
|
|
|
|
{
|
|
|
|
|
if (cred->cr_group_info)
|
|
|
|
|
put_group_info(cred->cr_group_info);
|
2015-11-20 08:48:02 -07:00
|
|
|
kfree(cred->cr_raw_principal);
|
2012-05-14 17:55:22 -06:00
|
|
|
kfree(cred->cr_principal);
|
2018-08-16 10:05:59 -06:00
|
|
|
kfree(cred->cr_targ_princ);
|
2013-05-14 14:07:13 -06:00
|
|
|
gss_mech_put(cred->cr_gss_mech);
|
|
|
|
|
init_svc_cred(cred);
|
2012-05-14 17:55:22 -06:00
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
struct svc_rqst; /* forward decl */
|
2008-01-18 07:50:56 -07:00
|
|
|
struct in6_addr;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
/* Authentication is done in the context of a domain.
|
|
|
|
|
*
|
|
|
|
|
* Currently, the nfs server uses the auth_domain to stand
|
|
|
|
|
* for the "client" listed in /etc/exports.
|
|
|
|
|
*
|
|
|
|
|
* More generally, a domain might represent a group of clients using
|
|
|
|
|
* a common mechanism for authentication and having a common mapping
|
|
|
|
|
* between local identity (uid) and network identity. All clients
|
|
|
|
|
* in a domain have similar general access rights. Each domain can
|
|
|
|
|
* contain multiple principals which will have different specific right
|
|
|
|
|
* based on normal Discretionary Access Control.
|
|
|
|
|
*
|
|
|
|
|
* A domain is created by an authentication flavour module based on name
|
|
|
|
|
* only. Userspace then fills in detail on demand.
|
|
|
|
|
*
|
|
|
|
|
* In the case of auth_unix and auth_null, the auth_domain is also
|
|
|
|
|
* associated with entries in another cache representing the mapping
|
|
|
|
|
* of ip addresses to the given client.
|
|
|
|
|
*/
|
|
|
|
|
struct auth_domain {
|
2006-03-27 02:14:59 -07:00
|
|
|
struct kref ref;
|
|
|
|
|
struct hlist_node hash;
|
2005-04-16 16:20:36 -06:00
|
|
|
char *name;
|
2006-03-27 02:14:59 -07:00
|
|
|
struct auth_ops *flavour;
|
2018-10-01 08:41:44 -06:00
|
|
|
struct rcu_head rcu_head;
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Each authentication flavour registers an auth_ops
|
|
|
|
|
* structure.
|
|
|
|
|
* name is simply the name.
|
|
|
|
|
* flavour gives the auth flavour. It determines where the flavour is registered
|
|
|
|
|
* accept() is given a request and should verify it.
|
|
|
|
|
* It should inspect the authenticator and verifier, and possibly the data.
|
|
|
|
|
* If there is a problem with the authentication *authp should be set.
|
|
|
|
|
* The return value of accept() can indicate:
|
|
|
|
|
* OK - authorised. client and credential are set in rqstp.
|
|
|
|
|
* reqbuf points to arguments
|
|
|
|
|
* resbuf points to good place for results. verfier
|
|
|
|
|
* is (probably) already in place. Certainly space is
|
|
|
|
|
* reserved for it.
|
|
|
|
|
* DROP - simply drop the request. It may have been deferred
|
|
|
|
|
* GARBAGE - rpc garbage_args error
|
|
|
|
|
* SYSERR - rpc system_err error
|
|
|
|
|
* DENIED - authp holds reason for denial.
|
|
|
|
|
* COMPLETE - the reply is encoded already and ready to be sent; no
|
|
|
|
|
* further processing is necessary. (This is used for processing
|
|
|
|
|
* null procedure calls which are used to set up encryption
|
|
|
|
|
* contexts.)
|
|
|
|
|
*
|
|
|
|
|
* accept is passed the proc number so that it can accept NULL rpc requests
|
|
|
|
|
* even if it cannot authenticate the client (as is sometimes appropriate).
|
|
|
|
|
*
|
|
|
|
|
* release() is given a request after the procedure has been run.
|
|
|
|
|
* It should sign/encrypt the results if needed
|
|
|
|
|
* It should return:
|
|
|
|
|
* OK - the resbuf is ready to be sent
|
|
|
|
|
* DROP - the reply should be quitely dropped
|
|
|
|
|
* DENIED - authp holds a reason for MSG_DENIED
|
|
|
|
|
* SYSERR - rpc system_err
|
|
|
|
|
*
|
|
|
|
|
* domain_release()
|
|
|
|
|
* This call releases a domain.
|
2006-03-27 02:14:59 -07:00
|
|
|
* set_client()
|
|
|
|
|
* Givens a pending request (struct svc_rqst), finds and assigns
|
|
|
|
|
* an appropriate 'auth_domain' as the client.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
|
struct auth_ops {
|
|
|
|
|
char * name;
|
|
|
|
|
struct module *owner;
|
|
|
|
|
int flavour;
|
2006-09-26 23:29:38 -06:00
|
|
|
int (*accept)(struct svc_rqst *rq, __be32 *authp);
|
2005-04-16 16:20:36 -06:00
|
|
|
int (*release)(struct svc_rqst *rq);
|
|
|
|
|
void (*domain_release)(struct auth_domain *);
|
|
|
|
|
int (*set_client)(struct svc_rqst *rq);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define SVC_GARBAGE 1
|
|
|
|
|
#define SVC_SYSERR 2
|
|
|
|
|
#define SVC_VALID 3
|
|
|
|
|
#define SVC_NEGATIVE 4
|
|
|
|
|
#define SVC_OK 5
|
|
|
|
|
#define SVC_DROP 6
|
2010-08-12 01:04:07 -06:00
|
|
|
#define SVC_CLOSE 7 /* Like SVC_DROP, but request is definitely
|
|
|
|
|
* lost so if there is a tcp connection, it
|
|
|
|
|
* should be closed
|
|
|
|
|
*/
|
|
|
|
|
#define SVC_DENIED 8
|
|
|
|
|
#define SVC_PENDING 9
|
|
|
|
|
#define SVC_COMPLETE 10
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2010-09-27 03:58:42 -06:00
|
|
|
struct svc_xprt;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-09-26 23:29:38 -06:00
|
|
|
extern int svc_authenticate(struct svc_rqst *rqstp, __be32 *authp);
|
2005-04-16 16:20:36 -06:00
|
|
|
extern int svc_authorise(struct svc_rqst *rqstp);
|
|
|
|
|
extern int svc_set_client(struct svc_rqst *rqstp);
|
|
|
|
|
extern int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops);
|
|
|
|
|
extern void svc_auth_unregister(rpc_authflavor_t flavor);
|
|
|
|
|
|
|
|
|
|
extern struct auth_domain *unix_domain_find(char *name);
|
|
|
|
|
extern void auth_domain_put(struct auth_domain *item);
|
2010-09-27 03:59:48 -06:00
|
|
|
extern int auth_unix_add_addr(struct net *net, struct in6_addr *addr, struct auth_domain *dom);
|
2006-03-27 02:14:59 -07:00
|
|
|
extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new);
|
2005-04-16 16:20:36 -06:00
|
|
|
extern struct auth_domain *auth_domain_find(char *name);
|
2010-09-27 03:59:48 -06:00
|
|
|
extern struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr);
|
2005-04-16 16:20:36 -06:00
|
|
|
extern int auth_unix_forget_old(struct auth_domain *dom);
|
2012-04-11 05:13:28 -06:00
|
|
|
extern void svcauth_unix_purge(struct net *net);
|
2010-09-27 03:58:42 -06:00
|
|
|
extern void svcauth_unix_info_release(struct svc_xprt *xpt);
|
knfsd: nfsd: set rq_client to ip-address-determined-domain
We want it to be possible for users to restrict exports both by IP address and
by pseudoflavor. The pseudoflavor information has previously been passed
using special auth_domains stored in the rq_client field. After the preceding
patch that stored the pseudoflavor in rq_pflavor, that's now superfluous; so
now we use rq_client for the ip information, as auth_null and auth_unix do.
However, we keep around the special auth_domain in the rq_gssclient field for
backwards compatibility purposes, so we can still do upcalls using the old
"gss/pseudoflavor" auth_domain if upcalls using the unix domain to give us an
appropriate export. This allows us to continue supporting old mountd.
In fact, for this first patch, we always use the "gss/pseudoflavor"
auth_domain (and only it) if it is available; thus rq_client is ignored in the
auth_gss case, and this patch on its own makes no change in behavior; that
will be left to later patches.
Note on idmap: I'm almost tempted to just replace the auth_domain in the idmap
upcall by a dummy value--no version of idmapd has ever used it, and it's
unlikely anyone really wants to perform idmapping differently depending on the
where the client is (they may want to perform *credential* mapping
differently, but that's a different matter--the idmapper just handles id's
used in getattr and setattr). But I'm updating the idmapd code anyway, just
out of general backwards-compatibility paranoia.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17 05:04:46 -06:00
|
|
|
extern int svcauth_unix_set_client(struct svc_rqst *rqstp);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-03-11 13:22:54 -06:00
|
|
|
extern int unix_gid_cache_create(struct net *net);
|
|
|
|
|
extern void unix_gid_cache_destroy(struct net *net);
|
|
|
|
|
|
2016-05-20 11:31:33 -06:00
|
|
|
/*
|
|
|
|
|
* The <stringhash.h> functions are good enough that we don't need to
|
|
|
|
|
* use hash_32() on them; just extracting the high bits is enough.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long hash_str(char const *name, int bits)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2016-06-10 08:51:30 -06:00
|
|
|
return hashlen_hash(hashlen_string(NULL, name)) >> (32 - bits);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2016-05-20 11:31:33 -06:00
|
|
|
static inline unsigned long hash_mem(char const *buf, int length, int bits)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2016-06-10 08:51:30 -06:00
|
|
|
return full_name_hash(NULL, buf, length) >> (32 - bits);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* __KERNEL__ */
|
|
|
|
|
|
|
|
|
|
#endif /* _LINUX_SUNRPC_SVCAUTH_H_ */
|