diff options
author | J. Bruce Fields <bfields@redhat.com> | 2012-05-14 21:20:54 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2012-05-31 20:29:57 -0400 |
commit | 8fbba96e5b327665265ad02b7f331b68536828bf (patch) | |
tree | 3a838a9a822042ac0a988e21e4824f64c1ada7f2 /fs/nfsd/nfs4state.c | |
parent | 03a4e1f6ddf25f48848e1bddcffc0ad489648331 (diff) |
nfsd4: stricter cred comparison for setclientid/exchange_id
The typical setclientid or exchange_id will probably be performed with a
credential that maps to either root or nobody, so comparing just uid's
is unlikely to be useful. So, use everything else we can get our hands
on.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
-rw-r--r-- | fs/nfsd/nfs4state.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 37bafb290c11..6dc0cfb37541 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
@@ -1201,11 +1201,31 @@ same_clid(clientid_t *cl1, clientid_t *cl2) | |||
1201 | return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id); | 1201 | return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id); |
1202 | } | 1202 | } |
1203 | 1203 | ||
1204 | static bool groups_equal(struct group_info *g1, struct group_info *g2) | ||
1205 | { | ||
1206 | int i; | ||
1207 | |||
1208 | if (g1->ngroups != g2->ngroups) | ||
1209 | return false; | ||
1210 | for (i=0; i<g1->ngroups; i++) | ||
1211 | if (GROUP_AT(g1, i) != GROUP_AT(g2, i)) | ||
1212 | return false; | ||
1213 | return true; | ||
1214 | } | ||
1215 | |||
1204 | /* XXX what about NGROUP */ | 1216 | /* XXX what about NGROUP */ |
1205 | static int | 1217 | static int |
1206 | same_creds(struct svc_cred *cr1, struct svc_cred *cr2) | 1218 | same_creds(struct svc_cred *cr1, struct svc_cred *cr2) |
1207 | { | 1219 | { |
1208 | return cr1->cr_uid == cr2->cr_uid; | 1220 | if ((cr1->cr_uid != cr2->cr_uid) |
1221 | || (cr1->cr_gid != cr2->cr_gid) | ||
1222 | || !groups_equal(cr1->cr_group_info, cr2->cr_group_info)) | ||
1223 | return false; | ||
1224 | if (cr1->cr_principal == cr2->cr_principal) | ||
1225 | return true; | ||
1226 | if (!cr1->cr_principal || !cr2->cr_principal) | ||
1227 | return false; | ||
1228 | return 0 == strcmp(cr1->cr_principal, cr1->cr_principal); | ||
1209 | } | 1229 | } |
1210 | 1230 | ||
1211 | static void gen_clid(struct nfs4_client *clp) | 1231 | static void gen_clid(struct nfs4_client *clp) |