diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-02 04:40:53 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-13 09:15:22 -0500 |
| commit | 683428fae8c73d7d7da0fa2e0b6beb4d8df4e808 (patch) | |
| tree | 7ae1636e56ab6616ca7cde9532fe584627c4a474 | |
| parent | 90602c7b192fdd3e6b7c7623479f4bc86ed7ee34 (diff) | |
sunrpc: Update svcgss xdr handle to rpsec_contect cache
For each received uid call make_kuid and validate the result.
For each received gid call make_kgid and validate the result.
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
| -rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 73e957386600..ecd1d58bf611 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
| @@ -418,6 +418,7 @@ static int rsc_parse(struct cache_detail *cd, | |||
| 418 | { | 418 | { |
| 419 | /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */ | 419 | /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */ |
| 420 | char *buf = mesg; | 420 | char *buf = mesg; |
| 421 | int id; | ||
| 421 | int len, rv; | 422 | int len, rv; |
| 422 | struct rsc rsci, *rscp = NULL; | 423 | struct rsc rsci, *rscp = NULL; |
| 423 | time_t expiry; | 424 | time_t expiry; |
| @@ -444,7 +445,7 @@ static int rsc_parse(struct cache_detail *cd, | |||
| 444 | goto out; | 445 | goto out; |
| 445 | 446 | ||
| 446 | /* uid, or NEGATIVE */ | 447 | /* uid, or NEGATIVE */ |
| 447 | rv = get_int(&mesg, &rsci.cred.cr_uid); | 448 | rv = get_int(&mesg, &id); |
| 448 | if (rv == -EINVAL) | 449 | if (rv == -EINVAL) |
| 449 | goto out; | 450 | goto out; |
| 450 | if (rv == -ENOENT) | 451 | if (rv == -ENOENT) |
| @@ -452,8 +453,16 @@ static int rsc_parse(struct cache_detail *cd, | |||
| 452 | else { | 453 | else { |
| 453 | int N, i; | 454 | int N, i; |
| 454 | 455 | ||
| 456 | /* uid */ | ||
| 457 | rsci.cred.cr_uid = make_kuid(&init_user_ns, id); | ||
| 458 | if (!uid_valid(rsci.cred.cr_uid)) | ||
| 459 | goto out; | ||
| 460 | |||
| 455 | /* gid */ | 461 | /* gid */ |
| 456 | if (get_int(&mesg, &rsci.cred.cr_gid)) | 462 | if (get_int(&mesg, &id)) |
| 463 | goto out; | ||
| 464 | rsci.cred.cr_gid = make_kgid(&init_user_ns, id); | ||
| 465 | if (!gid_valid(rsci.cred.cr_gid)) | ||
| 457 | goto out; | 466 | goto out; |
| 458 | 467 | ||
| 459 | /* number of additional gid's */ | 468 | /* number of additional gid's */ |
| @@ -467,11 +476,10 @@ static int rsc_parse(struct cache_detail *cd, | |||
| 467 | /* gid's */ | 476 | /* gid's */ |
| 468 | status = -EINVAL; | 477 | status = -EINVAL; |
| 469 | for (i=0; i<N; i++) { | 478 | for (i=0; i<N; i++) { |
| 470 | gid_t gid; | ||
| 471 | kgid_t kgid; | 479 | kgid_t kgid; |
| 472 | if (get_int(&mesg, &gid)) | 480 | if (get_int(&mesg, &id)) |
| 473 | goto out; | 481 | goto out; |
| 474 | kgid = make_kgid(&init_user_ns, gid); | 482 | kgid = make_kgid(&init_user_ns, id); |
| 475 | if (!gid_valid(kgid)) | 483 | if (!gid_valid(kgid)) |
| 476 | goto out; | 484 | goto out; |
| 477 | GROUP_AT(rsci.cred.cr_group_info, i) = kgid; | 485 | GROUP_AT(rsci.cred.cr_group_info, i) = kgid; |