1 files changed, 56 insertions, 39 deletions
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 294992e9bf69..0184fe9b514c 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,53 +27,70 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
 {
-        struct svc_cred cred = rqstp->rq_cred;
+        struct group_info *rqgi;
+        struct group_info *gi;
+        struct cred *new;
        int i;
        int flags = nfsexp_flags(rqstp, exp);
        int ret;
+        /* discard any old override before preparing the new set */
+        revert_creds(get_cred(current->real_cred));
+        new = prepare_creds();
+        if (!new)
+                return -ENOMEM;
+        new->fsuid = rqstp->rq_cred.cr_uid;
+        new->fsgid = rqstp->rq_cred.cr_gid;
+        rqgi = rqstp->rq_cred.cr_group_info;
        if (flags & NFSEXP_ALLSQUASH) {
-                cred.cr_uid = exp->ex_anon_uid;
+                new->fsuid = exp->ex_anon_uid;
-                cred.cr_gid = exp->ex_anon_gid;
+                new->fsgid = exp->ex_anon_gid;
-                cred.cr_group_info = groups_alloc(0);
+                gi = groups_alloc(0);
        } else if (flags & NFSEXP_ROOTSQUASH) {
-                struct group_info *gi;
+                if (!new->fsuid)
-                if (!cred.cr_uid)
+                        new->fsuid = exp->ex_anon_uid;
-                        cred.cr_uid = exp->ex_anon_uid;
+                if (!new->fsgid)
-                if (!cred.cr_gid)
+                        new->fsgid = exp->ex_anon_gid;
-                        cred.cr_gid = exp->ex_anon_gid;
-                gi = groups_alloc(cred.cr_group_info->ngroups);
-                if (gi)
-                        for (i = 0; i < cred.cr_group_info->ngroups; i++) {
-                                if (!GROUP_AT(cred.cr_group_info, i))
-                                        GROUP_AT(gi, i) = exp->ex_anon_gid;
-                                else
-                                        GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
-                        }
-                cred.cr_group_info = gi;
-        } else
-                get_group_info(cred.cr_group_info);
-        if (cred.cr_uid != (uid_t) -1)
-                current->fsuid = cred.cr_uid;
-        else
-                current->fsuid = exp->ex_anon_uid;
-        if (cred.cr_gid != (gid_t) -1)
-                current->fsgid = cred.cr_gid;
-        else
-                current->fsgid = exp->ex_anon_gid;
-        if (!cred.cr_group_info)
+                gi = groups_alloc(rqgi->ngroups);
-                return -ENOMEM;
+                if (!gi)
-        ret = set_current_groups(cred.cr_group_info);
+                        goto oom;
-        put_group_info(cred.cr_group_info);
-        if ((cred.cr_uid)) {
+                for (i = 0; i < rqgi->ngroups; i++) {
-                current->cap_effective =
+                        if (!GROUP_AT(rqgi, i))
-                        cap_drop_nfsd_set(current->cap_effective);
+                                GROUP_AT(gi, i) = exp->ex_anon_gid;
+                        else
+                                GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
+                }
        } else {
-                current->cap_effective =
+                gi = get_group_info(rqgi);
-                        cap_raise_nfsd_set(current->cap_effective,
-                                           current->cap_permitted);
        }
+        if (new->fsuid == (uid_t) -1)
+                new->fsuid = exp->ex_anon_uid;
+        if (new->fsgid == (gid_t) -1)
+                new->fsgid = exp->ex_anon_gid;
+        ret = set_groups(new, gi);
+        put_group_info(gi);
+        if (!ret)
+                goto error;
+        if (new->uid)
+                new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
+        else
+                new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
+                                                        new->cap_permitted);
+        put_cred(override_creds(new));
+        return 0;
+oom:
+        ret = -ENOMEM;
+error:
+        abort_creds(new);
        return ret;
 }

diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 294992e9bf69..0184fe9b514c 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c
@@ -27,53 +27,70 @@ int nfsexp_flags(struct svc_rqst rqstp, struct svc_export exp)
27		27
28	int nfsd_setuser(struct svc_rqst rqstp, struct svc_export exp)	28	int nfsd_setuser(struct svc_rqst rqstp, struct svc_export exp)
29	{	29	{
30	struct svc_cred cred = rqstp->rq_cred;	30	struct group_info *rqgi;
		31	struct group_info *gi;
		32	struct cred *new;
31	int i;	33	int i;
32	int flags = nfsexp_flags(rqstp, exp);	34	int flags = nfsexp_flags(rqstp, exp);
33	int ret;	35	int ret;
34		36
		37	/* discard any old override before preparing the new set */
		38	revert_creds(get_cred(current->real_cred));
		39	new = prepare_creds();
		40	if (!new)
		41	return -ENOMEM;
		42
		43	new->fsuid = rqstp->rq_cred.cr_uid;
		44	new->fsgid = rqstp->rq_cred.cr_gid;
		45
		46	rqgi = rqstp->rq_cred.cr_group_info;
		47
35	if (flags & NFSEXP_ALLSQUASH) {	48	if (flags & NFSEXP_ALLSQUASH) {
36	cred.cr_uid = exp->ex_anon_uid;	49	new->fsuid = exp->ex_anon_uid;
37	cred.cr_gid = exp->ex_anon_gid;	50	new->fsgid = exp->ex_anon_gid;
38	cred.cr_group_info = groups_alloc(0);	51	gi = groups_alloc(0);
39	} else if (flags & NFSEXP_ROOTSQUASH) {	52	} else if (flags & NFSEXP_ROOTSQUASH) {
40	struct group_info *gi;	53	if (!new->fsuid)
41	if (!cred.cr_uid)	54	new->fsuid = exp->ex_anon_uid;
42	cred.cr_uid = exp->ex_anon_uid;	55	if (!new->fsgid)
43	if (!cred.cr_gid)	56	new->fsgid = exp->ex_anon_gid;
44	cred.cr_gid = exp->ex_anon_gid;
45	gi = groups_alloc(cred.cr_group_info->ngroups);
46	if (gi)
47	for (i = 0; i < cred.cr_group_info->ngroups; i++) {
48	if (!GROUP_AT(cred.cr_group_info, i))
49	GROUP_AT(gi, i) = exp->ex_anon_gid;
50	else
51	GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
52	}
53	cred.cr_group_info = gi;
54	} else
55	get_group_info(cred.cr_group_info);
56
57	if (cred.cr_uid != (uid_t) -1)
58	current->fsuid = cred.cr_uid;
59	else
60	current->fsuid = exp->ex_anon_uid;
61	if (cred.cr_gid != (gid_t) -1)
62	current->fsgid = cred.cr_gid;
63	else
64	current->fsgid = exp->ex_anon_gid;
65		57
66	if (!cred.cr_group_info)	58	gi = groups_alloc(rqgi->ngroups);
67	return -ENOMEM;	59	if (!gi)
68	ret = set_current_groups(cred.cr_group_info);	60	goto oom;
69	put_group_info(cred.cr_group_info);	61
70	if ((cred.cr_uid)) {	62	for (i = 0; i < rqgi->ngroups; i++) {
71	current->cap_effective =	63	if (!GROUP_AT(rqgi, i))
72	cap_drop_nfsd_set(current->cap_effective);	64	GROUP_AT(gi, i) = exp->ex_anon_gid;
		65	else
		66	GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
		67	}
73	} else {	68	} else {
74	current->cap_effective =	69	gi = get_group_info(rqgi);
75	cap_raise_nfsd_set(current->cap_effective,
76	current->cap_permitted);
77	}	70	}
		71
		72	if (new->fsuid == (uid_t) -1)
		73	new->fsuid = exp->ex_anon_uid;
		74	if (new->fsgid == (gid_t) -1)
		75	new->fsgid = exp->ex_anon_gid;
		76
		77	ret = set_groups(new, gi);
		78	put_group_info(gi);
		79	if (!ret)
		80	goto error;
		81
		82	if (new->uid)
		83	new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
		84	else
		85	new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
		86	new->cap_permitted);
		87	put_cred(override_creds(new));
		88	return 0;
		89
		90	oom:
		91	ret = -ENOMEM;
		92	error:
		93	abort_creds(new);
78	return ret;	94	return ret;
79	}	95	}
		96