diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-23 12:49:36 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-23 17:03:46 -0500 |
| commit | 875ad3f8e7dff6bc1d053e5bfe73d8e8d2e6ae67 (patch) | |
| tree | dec3691908348b240f2176ce681a7e4aa75e5fde /net | |
| parent | dcd6c92267155e70a94b3927bce681ce74b80d1f (diff) | |
SUNRPC: Fix machine creds in generic_create_cred and generic_match
- generic_create_cred needs to copy the '.principal' field.
- generic_match needs to ignore the groups and match on the '.principal'
field.
This fixes an Oops that was introduced by commit 68c9715 (SUNRPC:
Clean up the RPCSEC_GSS service ticket requests)
Reported-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/sunrpc/auth_generic.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c index 1426ec3d0a53..75762f346975 100644 --- a/net/sunrpc/auth_generic.c +++ b/net/sunrpc/auth_generic.c | |||
| @@ -92,6 +92,7 @@ generic_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) | |||
| 92 | if (gcred->acred.group_info != NULL) | 92 | if (gcred->acred.group_info != NULL) |
| 93 | get_group_info(gcred->acred.group_info); | 93 | get_group_info(gcred->acred.group_info); |
| 94 | gcred->acred.machine_cred = acred->machine_cred; | 94 | gcred->acred.machine_cred = acred->machine_cred; |
| 95 | gcred->acred.principal = acred->principal; | ||
| 95 | 96 | ||
| 96 | dprintk("RPC: allocated %s cred %p for uid %d gid %d\n", | 97 | dprintk("RPC: allocated %s cred %p for uid %d gid %d\n", |
| 97 | gcred->acred.machine_cred ? "machine" : "generic", | 98 | gcred->acred.machine_cred ? "machine" : "generic", |
| @@ -123,6 +124,17 @@ generic_destroy_cred(struct rpc_cred *cred) | |||
| 123 | call_rcu(&cred->cr_rcu, generic_free_cred_callback); | 124 | call_rcu(&cred->cr_rcu, generic_free_cred_callback); |
| 124 | } | 125 | } |
| 125 | 126 | ||
| 127 | static int | ||
| 128 | machine_cred_match(struct auth_cred *acred, struct generic_cred *gcred, int flags) | ||
| 129 | { | ||
| 130 | if (!gcred->acred.machine_cred || | ||
| 131 | gcred->acred.principal != acred->principal || | ||
| 132 | gcred->acred.uid != acred->uid || | ||
| 133 | gcred->acred.gid != acred->gid) | ||
| 134 | return 0; | ||
| 135 | return 1; | ||
| 136 | } | ||
| 137 | |||
| 126 | /* | 138 | /* |
| 127 | * Match credentials against current process creds. | 139 | * Match credentials against current process creds. |
| 128 | */ | 140 | */ |
| @@ -132,9 +144,12 @@ generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags) | |||
| 132 | struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base); | 144 | struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base); |
| 133 | int i; | 145 | int i; |
| 134 | 146 | ||
| 147 | if (acred->machine_cred) | ||
| 148 | return machine_cred_match(acred, gcred, flags); | ||
| 149 | |||
| 135 | if (gcred->acred.uid != acred->uid || | 150 | if (gcred->acred.uid != acred->uid || |
| 136 | gcred->acred.gid != acred->gid || | 151 | gcred->acred.gid != acred->gid || |
| 137 | gcred->acred.machine_cred != acred->machine_cred) | 152 | gcred->acred.machine_cred != 0) |
| 138 | goto out_nomatch; | 153 | goto out_nomatch; |
| 139 | 154 | ||
| 140 | /* Optimisation in the case where pointers are identical... */ | 155 | /* Optimisation in the case where pointers are identical... */ |