• J. Bruce Fields's avatar
    nfsd: fix krb5 handling of anonymous principals · 3c34ae11
    J. Bruce Fields authored
    krb5 mounts started failing as of
    683428fa "sunrpc: Update svcgss xdr
    handle to rpsec_contect cache".
    
    The problem is that mounts are usually done with some host principal
    which isn't normally mapped to any user, in which case svcgssd passes
    down uid -1, which the kernel is then expected to map to the
    export-specific anonymous uid or gid.
    
    The new uid_valid/gid_valid checks were therefore causing that downcall
    to fail.
    
    (Note the regression may not have been seen with older userspace that
    tended to map unknown principals to an anonymous id on their own rather
    than leaving it to the kernel.)
    Reviewed-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    3c34ae11
svcauth_gss.c 38.5 KB