authorEric W. Biederman <ebiederm@xmission.com>2013-02-02 03:25:43 -0500
committerEric W. Biederman <ebiederm@xmission.com>2013-02-13 09:15:21 -0500
commit90602c7b192fdd3e6b7c7623479f4bc86ed7ee34 (patch)
tree2f313b2bc00993566af1dd56e854bf319f4c9c55 /net/sunrpc/auth_gss
parente572fc739822ad779493b8a72bd27f2101fc3373 (diff)
sunrpc: Update gss uid to security context mapping.
- Use from_kuid when generating the on-the-wire uid values. - Use make_kuid when reading on-the-wire values. In gss_encode_v0_msg, since the uid in gss_upcall_msg is now a kuid_t, generate the necessary uid_t value on the stack and copy it into gss_msg->databuf, where it can safely live until the message is no longer needed. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c20
1 files changed, 15 insertions, 5 deletions
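diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index afbbcfb1078b..a3600671989a 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -395,8 +395,11 @@ gss_upcall_callback(struct rpc_task *task)
 
 static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
 {
- gss_msg->msg.data = &gss_msg->uid;
- gss_msg->msg.len = sizeof(gss_msg->uid);
+ uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
+ memcpy(gss_msg->databuf, &uid, sizeof(uid));
+ gss_msg->msg.data = gss_msg->databuf;
+ gss_msg->msg.len = sizeof(uid);
+ BUG_ON(sizeof(uid) > UPCALL_BUF_LEN);
 }
 
 static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
@@ -409,7 +412,7 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
 
  gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
  mech->gm_name,
- gss_msg->uid);
+ from_kuid(&init_user_ns, gss_msg->uid));
  p += gss_msg->msg.len;
  if (clnt->cl_principal) {
  len = sprintf(p, "target=%s ", clnt->cl_principal);
@@ -620,7 +623,8 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
  struct gss_upcall_msg *gss_msg;
  struct rpc_pipe *pipe = RPC_I(filp->f_dentry->d_inode)->pipe;
  struct gss_cl_ctx *ctx;
- uid_t uid;
+ uid_t id;
+ kuid_t uid;
  ssize_t err = -EFBIG;
 
  if (mlen > MSG_BUF_MAXSIZE)
@@ -635,12 +639,18 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
  goto err;
 
  end = (const void *)((char *)buf + mlen);
- p = simple_get_bytes(buf, end, &uid, sizeof(uid));
+ p = simple_get_bytes(buf, end, &id, sizeof(id));
  if (IS_ERR(p)) {
  err = PTR_ERR(p);
  goto err;
  }
 
+ uid = make_kuid(&init_user_ns, id);
+ if (!uid_valid(uid)) {
+ err = -EINVAL;
+ goto err;
+ }
+
  err = -ENOMEM;
  ctx = gss_alloc_context();
  if (ctx == NULL)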
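Review bot: In gss_encode_v0_msg the size guard `BUG_ON(sizeof(uid) > UPCALL_BUF_LEN);` sits after the `memcpy` into `gss_msg->databuf`, so if the condition were ever true the out-of-bounds write would already have happened before the check runs. Both operands are compile-time constants, so `BUILD_BUG_ON(sizeof(uid) > UPCALL_BUF_LEN);` placed ahead of the copy would turn this into a build failure rather than a runtime panic after the write. This assumes `databuf` is declared with `UPCALL_BUF_LEN` bytes, which the hunk does not show. Separately, in gss_encode_v1_msg the `uid=%d` conversion now receives the `uid_t` returned by `from_kuid`, which is presumably unsigned, so ids above INT_MAX would print as negative numbers. `%u` would match the type, provided the user-space reader of the upcall string accepts it.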