diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
| commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
| tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs/nfsd | |
| parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) | |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/auth.c | 22 | ||||
| -rw-r--r-- | fs/nfsd/nfs4recover.c | 12 | ||||
| -rw-r--r-- | fs/nfsd/nfsfh.c | 6 |
3 files changed, 21 insertions, 19 deletions
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 294992e9bf69..808fc03a6fbd 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c | |||
| @@ -27,6 +27,7 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 27 | 27 | ||
| 28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | 28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) |
| 29 | { | 29 | { |
| 30 | struct cred *act_as = current->cred ; | ||
| 30 | struct svc_cred cred = rqstp->rq_cred; | 31 | struct svc_cred cred = rqstp->rq_cred; |
| 31 | int i; | 32 | int i; |
| 32 | int flags = nfsexp_flags(rqstp, exp); | 33 | int flags = nfsexp_flags(rqstp, exp); |
| @@ -55,25 +56,26 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |||
| 55 | get_group_info(cred.cr_group_info); | 56 | get_group_info(cred.cr_group_info); |
| 56 | 57 | ||
| 57 | if (cred.cr_uid != (uid_t) -1) | 58 | if (cred.cr_uid != (uid_t) -1) |
| 58 | current->fsuid = cred.cr_uid; | 59 | act_as->fsuid = cred.cr_uid; |
| 59 | else | 60 | else |
| 60 | current->fsuid = exp->ex_anon_uid; | 61 | act_as->fsuid = exp->ex_anon_uid; |
| 61 | if (cred.cr_gid != (gid_t) -1) | 62 | if (cred.cr_gid != (gid_t) -1) |
| 62 | current->fsgid = cred.cr_gid; | 63 | act_as->fsgid = cred.cr_gid; |
| 63 | else | 64 | else |
| 64 | current->fsgid = exp->ex_anon_gid; | 65 | act_as->fsgid = exp->ex_anon_gid; |
| 65 | 66 | ||
| 66 | if (!cred.cr_group_info) | 67 | if (!cred.cr_group_info) |
| 67 | return -ENOMEM; | 68 | return -ENOMEM; |
| 68 | ret = set_current_groups(cred.cr_group_info); | 69 | ret = set_groups(act_as, cred.cr_group_info); |
| 69 | put_group_info(cred.cr_group_info); | 70 | put_group_info(cred.cr_group_info); |
| 70 | if ((cred.cr_uid)) { | 71 | if ((cred.cr_uid)) { |
| 71 | current->cap_effective = | 72 | act_as->cap_effective = |
| 72 | cap_drop_nfsd_set(current->cap_effective); | 73 | cap_drop_nfsd_set(act_as->cap_effective); |
| 73 | } else { | 74 | } else { |
| 74 | current->cap_effective = | 75 | act_as->cap_effective = |
| 75 | cap_raise_nfsd_set(current->cap_effective, | 76 | cap_raise_nfsd_set(act_as->cap_effective, |
| 76 | current->cap_permitted); | 77 | act_as->cap_permitted); |
| 77 | } | 78 | } |
| 78 | return ret; | 79 | return ret; |
| 79 | } | 80 | } |
| 81 | |||
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index bb93946ace22..a5e14e8695ea 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c | |||
| @@ -57,17 +57,17 @@ static int rec_dir_init = 0; | |||
| 57 | static void | 57 | static void |
| 58 | nfs4_save_user(uid_t *saveuid, gid_t *savegid) | 58 | nfs4_save_user(uid_t *saveuid, gid_t *savegid) |
| 59 | { | 59 | { |
| 60 | *saveuid = current->fsuid; | 60 | *saveuid = current->cred->fsuid; |
| 61 | *savegid = current->fsgid; | 61 | *savegid = current->cred->fsgid; |
| 62 | current->fsuid = 0; | 62 | current->cred->fsuid = 0; |
| 63 | current->fsgid = 0; | 63 | current->cred->fsgid = 0; |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | static void | 66 | static void |
| 67 | nfs4_reset_user(uid_t saveuid, gid_t savegid) | 67 | nfs4_reset_user(uid_t saveuid, gid_t savegid) |
| 68 | { | 68 | { |
| 69 | current->fsuid = saveuid; | 69 | current->cred->fsuid = saveuid; |
| 70 | current->fsgid = savegid; | 70 | current->cred->fsgid = savegid; |
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | static void | 73 | static void |
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index cd25d91895a1..e67cfaea0865 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
| @@ -186,9 +186,9 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) | |||
| 186 | * access control settings being in effect, we cannot | 186 | * access control settings being in effect, we cannot |
| 187 | * fix that case easily. | 187 | * fix that case easily. |
| 188 | */ | 188 | */ |
| 189 | current->cap_effective = | 189 | current->cred->cap_effective = |
| 190 | cap_raise_nfsd_set(current->cap_effective, | 190 | cap_raise_nfsd_set(current->cred->cap_effective, |
| 191 | current->cap_permitted); | 191 | current->cred->cap_permitted); |
| 192 | } else { | 192 | } else { |
| 193 | error = nfsd_setuser_and_check_port(rqstp, exp); | 193 | error = nfsd_setuser_and_check_port(rqstp, exp); |
| 194 | if (error) | 194 | if (error) |