aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfs4state.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2012-05-14 21:20:54 -0400
committerJ. Bruce Fields <bfields@redhat.com>2012-05-31 20:29:57 -0400
commit8fbba96e5b327665265ad02b7f331b68536828bf (patch)
tree3a838a9a822042ac0a988e21e4824f64c1ada7f2 /fs/nfsd/nfs4state.c
parent03a4e1f6ddf25f48848e1bddcffc0ad489648331 (diff)
nfsd4: stricter cred comparison for setclientid/exchange_id
The typical setclientid or exchange_id will probably be performed with a credential that maps to either root or nobody, so comparing just uid's is unlikely to be useful. So, use everything else we can get our hands on. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
-rw-r--r--fs/nfsd/nfs4state.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 37bafb290c11..6dc0cfb37541 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1201,11 +1201,31 @@ same_clid(clientid_t *cl1, clientid_t *cl2)
1201 return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id); 1201 return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
1202} 1202}
1203 1203
1204static bool groups_equal(struct group_info *g1, struct group_info *g2)
1205{
1206 int i;
1207
1208 if (g1->ngroups != g2->ngroups)
1209 return false;
1210 for (i=0; i<g1->ngroups; i++)
1211 if (GROUP_AT(g1, i) != GROUP_AT(g2, i))
1212 return false;
1213 return true;
1214}
1215
1204/* XXX what about NGROUP */ 1216/* XXX what about NGROUP */
1205static int 1217static int
1206same_creds(struct svc_cred *cr1, struct svc_cred *cr2) 1218same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
1207{ 1219{
1208 return cr1->cr_uid == cr2->cr_uid; 1220 if ((cr1->cr_uid != cr2->cr_uid)
1221 || (cr1->cr_gid != cr2->cr_gid)
1222 || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
1223 return false;
1224 if (cr1->cr_principal == cr2->cr_principal)
1225 return true;
1226 if (!cr1->cr_principal || !cr2->cr_principal)
1227 return false;
1228 return 0 == strcmp(cr1->cr_principal, cr1->cr_principal);
1209} 1229}
1210 1230
1211static void gen_clid(struct nfs4_client *clp) 1231static void gen_clid(struct nfs4_client *clp)