diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2011-11-14 18:56:38 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-03 06:27:21 -0400 |
commit | ae2975bc3476243b45a1e2344236d7920c268f38 (patch) | |
tree | e4b2a8472f6047734b6e7e2bdc994375b2790323 /net/sunrpc/svcauth_unix.c | |
parent | 22d917d80e842829d0ca0a561967d728eb1d6303 (diff) |
userns: Convert group_info values from gid_t to kgid_t.
As a first step to converting struct cred to be all kuid_t and kgid_t
values convert the group values stored in group_info to always be
kgid_t values. Unless user namespaces are used this change should
have no effect.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'net/sunrpc/svcauth_unix.c')
-rw-r--r-- | net/sunrpc/svcauth_unix.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index 521d8f7dc833..71ec8530ec8c 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c | |||
@@ -14,6 +14,7 @@ | |||
14 | #include <net/sock.h> | 14 | #include <net/sock.h> |
15 | #include <net/ipv6.h> | 15 | #include <net/ipv6.h> |
16 | #include <linux/kernel.h> | 16 | #include <linux/kernel.h> |
17 | #include <linux/user_namespace.h> | ||
17 | #define RPCDBG_FACILITY RPCDBG_AUTH | 18 | #define RPCDBG_FACILITY RPCDBG_AUTH |
18 | 19 | ||
19 | #include <linux/sunrpc/clnt.h> | 20 | #include <linux/sunrpc/clnt.h> |
@@ -530,11 +531,15 @@ static int unix_gid_parse(struct cache_detail *cd, | |||
530 | 531 | ||
531 | for (i = 0 ; i < gids ; i++) { | 532 | for (i = 0 ; i < gids ; i++) { |
532 | int gid; | 533 | int gid; |
534 | kgid_t kgid; | ||
533 | rv = get_int(&mesg, &gid); | 535 | rv = get_int(&mesg, &gid); |
534 | err = -EINVAL; | 536 | err = -EINVAL; |
535 | if (rv) | 537 | if (rv) |
536 | goto out; | 538 | goto out; |
537 | GROUP_AT(ug.gi, i) = gid; | 539 | kgid = make_kgid(&init_user_ns, gid); |
540 | if (!gid_valid(kgid)) | ||
541 | goto out; | ||
542 | GROUP_AT(ug.gi, i) = kgid; | ||
538 | } | 543 | } |
539 | 544 | ||
540 | ugp = unix_gid_lookup(cd, uid); | 545 | ugp = unix_gid_lookup(cd, uid); |
@@ -563,6 +568,7 @@ static int unix_gid_show(struct seq_file *m, | |||
563 | struct cache_detail *cd, | 568 | struct cache_detail *cd, |
564 | struct cache_head *h) | 569 | struct cache_head *h) |
565 | { | 570 | { |
571 | struct user_namespace *user_ns = current_user_ns(); | ||
566 | struct unix_gid *ug; | 572 | struct unix_gid *ug; |
567 | int i; | 573 | int i; |
568 | int glen; | 574 | int glen; |
@@ -580,7 +586,7 @@ static int unix_gid_show(struct seq_file *m, | |||
580 | 586 | ||
581 | seq_printf(m, "%u %d:", ug->uid, glen); | 587 | seq_printf(m, "%u %d:", ug->uid, glen); |
582 | for (i = 0; i < glen; i++) | 588 | for (i = 0; i < glen; i++) |
583 | seq_printf(m, " %d", GROUP_AT(ug->gi, i)); | 589 | seq_printf(m, " %d", from_kgid_munged(user_ns, GROUP_AT(ug->gi, i))); |
584 | seq_printf(m, "\n"); | 590 | seq_printf(m, "\n"); |
585 | return 0; | 591 | return 0; |
586 | } | 592 | } |
@@ -831,8 +837,12 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
831 | cred->cr_group_info = groups_alloc(slen); | 837 | cred->cr_group_info = groups_alloc(slen); |
832 | if (cred->cr_group_info == NULL) | 838 | if (cred->cr_group_info == NULL) |
833 | return SVC_CLOSE; | 839 | return SVC_CLOSE; |
834 | for (i = 0; i < slen; i++) | 840 | for (i = 0; i < slen; i++) { |
835 | GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); | 841 | kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); |
842 | if (!gid_valid(kgid)) | ||
843 | goto badcred; | ||
844 | GROUP_AT(cred->cr_group_info, i) = kgid; | ||
845 | } | ||
836 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { | 846 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |
837 | *authp = rpc_autherr_badverf; | 847 | *authp = rpc_autherr_badverf; |
838 | return SVC_DENIED; | 848 | return SVC_DENIED; |