authorEric W. Biederman <ebiederm@xmission.com>2011-11-14 18:56:38 -0500
committerEric W. Biederman <ebiederm@xmission.com>2012-05-03 06:27:21 -0400
commitae2975bc3476243b45a1e2344236d7920c268f38 (patch)
treee4b2a8472f6047734b6e7e2bdc994375b2790323 /net/sunrpc/svcauth_unix.c
parent22d917d80e842829d0ca0a561967d728eb1d6303 (diff)
userns: Convert group_info values from gid_t to kgid_t.
As a first step to converting struct cred to be all kuid_t and kgid_t values, convert the group values stored in group_info to always be kgid_t values. Unless user namespaces are used, this change should have no effect. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'net/sunrpc/svcauth_unix.c')
-rw-r--r--net/sunrpc/svcauth_unix.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index 521d8f7dc833..71ec8530ec8c 100644
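--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -14,6 +14,7 @@
 #include <net/sock.h>
 #include <net/ipv6.h>
 #include <linux/kernel.h>
+#include <linux/user_namespace.h>
 #define RPCDBG_FACILITY RPCDBG_AUTH
 
 #include <linux/sunrpc/clnt.h>
@@ -530,11 +531,15 @@ static int unix_gid_parse(struct cache_detail *cd,
 
  for (i = 0 ; i < gids ; i++) {
  int gid;
+ kgid_t kgid;
  rv = get_int(&mesg, &gid);
  err = -EINVAL;
  if (rv)
  goto out;
- GROUP_AT(ug.gi, i) = gid;
+ kgid = make_kgid(&init_user_ns, gid);
+ if (!gid_valid(kgid))
+ goto out;
+ GROUP_AT(ug.gi, i) = kgid;
  }
 
  ugp = unix_gid_lookup(cd, uid);
@@ -563,6 +568,7 @@ static int unix_gid_show(struct seq_file *m,
  struct cache_detail *cd,
  struct cache_head *h)
 {
+ struct user_namespace *user_ns = current_user_ns();
  struct unix_gid *ug;
  int i;
  int glen;
@@ -580,7 +586,7 @@ static int unix_gid_show(struct seq_file *m,
 
  seq_printf(m, "%u %d:", ug->uid, glen);
  for (i = 0; i < glen; i++)
- seq_printf(m, " %d", GROUP_AT(ug->gi, i));
+ seq_printf(m, " %d", from_kgid_munged(user_ns, GROUP_AT(ug->gi, i)));
  seq_printf(m, "\n");
  return 0;
 }
@@ -831,8 +837,12 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
  cred->cr_group_info = groups_alloc(slen);
  if (cred->cr_group_info == NULL)
  return SVC_CLOSE;
- for (i = 0; i < slen; i++)
- GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv);
+ for (i = 0; i < slen; i++) {
+ kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
+ if (!gid_valid(kgid))
+ goto badcred;
+ GROUP_AT(cred->cr_group_info, i) = kgid;
+ }
  if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
  *authp = rpc_autherr_badverf;
  return SVC_DENIED;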
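Review bot: In unix_gid_show the value returned by `from_kgid_munged()` is an unsigned gid_t but is still printed with `%d`, so a group id above INT_MAX appears negative in the cache listing; `seq_printf(m, " %u", from_kgid_munged(user_ns, GROUP_AT(ug->gi, i)));` matches the type. The namespace is taken from `current_user_ns()` when the show callback runs, so the output depends on the task doing the read, and any group with no mapping there is shown as the overflow gid; a one-line comment above the loop such as `/* gids are translated into the reader's user namespace; unmapped ones show as the overflow gid */` would make that visible to whoever parses this file. The new `gid_valid()` checks in unix_gid_parse and svcauth_unix_accept also start rejecting a `(gid_t)-1` entry that was stored before, which the description's "no effect" wording does not cover and deserves a sentence there. The middle of unix_gid_show and the `badcred` label in svcauth_unix_accept lie outside the visible hunks, so it is worth confirming that the `badcred` path leaves `cr_group_info` to the same release path as the existing `SVC_DENIED` return.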