Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields: "A couple minor fixes for the (new to 3.10) gss-proxy code. And one regression from user-namespace changes. (XBMC clients were doing something admittedly weird--sending -1 gid's--but something that we used to allow.)" * 'for-3.10' of git://linux-nfs.org/~bfields/linux: svcrpc: fix failures to handle -1 uid's and gid's svcrpc: implement O_NONBLOCK behavior for use-gss-proxy svcauth_gss: fix error code in use_gss_proxy()
This commit is contained in:
commit
4203afc3fb
2 changed files with 12 additions and 8 deletions
|
@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net)
|
||||||
|
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
|
|
||||||
static bool set_gss_proxy(struct net *net, int type)
|
static int set_gss_proxy(struct net *net, int type)
|
||||||
{
|
{
|
||||||
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
|
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int wait_for_gss_proxy(struct net *net)
|
static int wait_for_gss_proxy(struct net *net, struct file *file)
|
||||||
{
|
{
|
||||||
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
|
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
|
||||||
|
|
||||||
|
if (file->f_flags & O_NONBLOCK && !gssp_ready(sn))
|
||||||
|
return -EAGAIN;
|
||||||
return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
|
return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file *file, char __user *buf,
|
||||||
size_t len;
|
size_t len;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = wait_for_gss_proxy(net);
|
ret = wait_for_gss_proxy(net, file);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
|
|
@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
|
||||||
goto badcred;
|
goto badcred;
|
||||||
argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
|
argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
|
||||||
argv->iov_len -= slen*4;
|
argv->iov_len -= slen*4;
|
||||||
|
/*
|
||||||
|
* Note: we skip uid_valid()/gid_valid() checks here for
|
||||||
|
* backwards compatibility with clients that use -1 id's.
|
||||||
|
* Instead, -1 uid or gid is later mapped to the
|
||||||
|
* (export-specific) anonymous id by nfsd_setuser.
|
||||||
|
* Supplementary gid's will be left alone.
|
||||||
|
*/
|
||||||
cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
|
cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
|
||||||
cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
|
cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
|
||||||
if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))
|
|
||||||
goto badcred;
|
|
||||||
slen = svc_getnl(argv); /* gids length */
|
slen = svc_getnl(argv); /* gids length */
|
||||||
if (slen > 16 || (len -= (slen + 2)*4) < 0)
|
if (slen > 16 || (len -= (slen + 2)*4) < 0)
|
||||||
goto badcred;
|
goto badcred;
|
||||||
|
@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
|
||||||
return SVC_CLOSE;
|
return SVC_CLOSE;
|
||||||
for (i = 0; i < slen; i++) {
|
for (i = 0; i < slen; i++) {
|
||||||
kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
|
kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
|
||||||
if (!gid_valid(kgid))
|
|
||||||
goto badcred;
|
|
||||||
GROUP_AT(cred->cr_group_info, i) = kgid;
|
GROUP_AT(cred->cr_group_info, i) = kgid;
|
||||||
}
|
}
|
||||||
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
|
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
|
||||||
|
|
Loading…
Reference in a new issue