Commit 4203afc3 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux

Pull nfsd fixes from Bruce Fields:
 "A couple minor fixes for the (new to 3.10) gss-proxy code.

  And one regression from user-namespace changes.  (XBMC clients were
  doing something admittedly weird--sending -1 gid's--but something that
  we used to allow.)"

* 'for-3.10' of git://linux-nfs.org/~bfields/linux:
  svcrpc: fix failures to handle -1 uid's and gid's
  svcrpc: implement O_NONBLOCK behavior for use-gss-proxy
  svcauth_gss: fix error code in use_gss_proxy()
parents 484b002e afe3c3fd
...@@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net) ...@@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net)
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
static bool set_gss_proxy(struct net *net, int type) static int set_gss_proxy(struct net *net, int type)
{ {
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
int ret = 0; int ret = 0;
...@@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn) ...@@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn)
return false; return false;
} }
static int wait_for_gss_proxy(struct net *net) static int wait_for_gss_proxy(struct net *net, struct file *file)
{ {
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
if (file->f_flags & O_NONBLOCK && !gssp_ready(sn))
return -EAGAIN;
return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn)); return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
} }
...@@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file *file, char __user *buf, ...@@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file *file, char __user *buf,
size_t len; size_t len;
int ret; int ret;
ret = wait_for_gss_proxy(net); ret = wait_for_gss_proxy(net, file);
if (ret) if (ret)
return ret; return ret;
......
...@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) ...@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
goto badcred; goto badcred;
argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
argv->iov_len -= slen*4; argv->iov_len -= slen*4;
/*
* Note: we skip uid_valid()/gid_valid() checks here for
* backwards compatibility with clients that use -1 id's.
* Instead, -1 uid or gid is later mapped to the
* (export-specific) anonymous id by nfsd_setuser.
* Supplementary gid's will be left alone.
*/
cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))
goto badcred;
slen = svc_getnl(argv); /* gids length */ slen = svc_getnl(argv); /* gids length */
if (slen > 16 || (len -= (slen + 2)*4) < 0) if (slen > 16 || (len -= (slen + 2)*4) < 0)
goto badcred; goto badcred;
...@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) ...@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
return SVC_CLOSE; return SVC_CLOSE;
for (i = 0; i < slen; i++) { for (i = 0; i < slen; i++) {
kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
if (!gid_valid(kgid))
goto badcred;
GROUP_AT(cred->cr_group_info, i) = kgid; GROUP_AT(cred->cr_group_info, i) = kgid;
} }
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment