]>
Commit | Line | Data |
---|---|---|
a709ecc8 GKH |
1 | From dc83d6e27fa80babe31c80aa8568f125f72edf57 Mon Sep 17 00:00:00 2001 |
2 | From: J. Bruce Fields <bfields@citi.umich.edu> | |
3 | Date: Tue, 20 Oct 2009 18:51:34 -0400 | |
4 | Subject: nfsd4: don't try to map gid's in generic rpc code | |
5 | ||
6 | From: J. Bruce Fields <bfields@citi.umich.edu> | |
7 | ||
8 | commit dc83d6e27fa80babe31c80aa8568f125f72edf57 upstream. | |
9 | ||
10 | For nfsd we provide users the option of mapping uid's to server-side | |
11 | supplementary group lists. That makes sense for nfsd, but not | |
12 | necessarily for other rpc users (such as the callback client). | |
13 | ||
14 | So move that lookup to svcauth_unix_set_client, which is a | |
15 | program-specific method. | |
16 | ||
17 | Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> | |
18 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
19 | ||
20 | --- | |
21 | net/sunrpc/svcauth_unix.c | 53 ++++++++++++++++++++++++++-------------------- | |
22 | 1 file changed, 30 insertions(+), 23 deletions(-) | |
23 | ||
24 | --- a/net/sunrpc/svcauth_unix.c | |
25 | +++ b/net/sunrpc/svcauth_unix.c | |
26 | @@ -655,23 +655,25 @@ static struct unix_gid *unix_gid_lookup( | |
27 | return NULL; | |
28 | } | |
29 | ||
30 | -static int unix_gid_find(uid_t uid, struct group_info **gip, | |
31 | - struct svc_rqst *rqstp) | |
32 | +static struct group_info *unix_gid_find(uid_t uid, struct svc_rqst *rqstp) | |
33 | { | |
34 | - struct unix_gid *ug = unix_gid_lookup(uid); | |
35 | + struct unix_gid *ug; | |
36 | + struct group_info *gi; | |
37 | + int ret; | |
38 | + | |
39 | + ug = unix_gid_lookup(uid); | |
40 | if (!ug) | |
41 | - return -EAGAIN; | |
42 | - switch (cache_check(&unix_gid_cache, &ug->h, &rqstp->rq_chandle)) { | |
43 | + return ERR_PTR(-EAGAIN); | |
44 | + ret = cache_check(&unix_gid_cache, &ug->h, &rqstp->rq_chandle); | |
45 | + switch (ret) { | |
46 | case -ENOENT: | |
47 | - *gip = NULL; | |
48 | - return 0; | |
49 | + return ERR_PTR(-ENOENT); | |
50 | case 0: | |
51 | - *gip = ug->gi; | |
52 | - get_group_info(*gip); | |
53 | + gi = get_group_info(ug->gi); | |
54 | cache_put(&ug->h, &unix_gid_cache); | |
55 | - return 0; | |
56 | + return gi; | |
57 | default: | |
58 | - return -EAGAIN; | |
59 | + return ERR_PTR(-EAGAIN); | |
60 | } | |
61 | } | |
62 | ||
63 | @@ -681,6 +683,8 @@ svcauth_unix_set_client(struct svc_rqst | |
64 | struct sockaddr_in *sin; | |
65 | struct sockaddr_in6 *sin6, sin6_storage; | |
66 | struct ip_map *ipm; | |
67 | + struct group_info *gi; | |
68 | + struct svc_cred *cred = &rqstp->rq_cred; | |
69 | ||
70 | switch (rqstp->rq_addr.ss_family) { | |
71 | case AF_INET: | |
72 | @@ -722,6 +726,17 @@ svcauth_unix_set_client(struct svc_rqst | |
73 | ip_map_cached_put(rqstp, ipm); | |
74 | break; | |
75 | } | |
76 | + | |
77 | + gi = unix_gid_find(cred->cr_uid, rqstp); | |
78 | + switch (PTR_ERR(gi)) { | |
79 | + case -EAGAIN: | |
80 | + return SVC_DROP; | |
81 | + case -ENOENT: | |
82 | + break; | |
83 | + default: | |
84 | + put_group_info(cred->cr_group_info); | |
85 | + cred->cr_group_info = gi; | |
86 | + } | |
87 | return SVC_OK; | |
88 | } | |
89 | ||
90 | @@ -818,19 +833,11 @@ svcauth_unix_accept(struct svc_rqst *rqs | |
91 | slen = svc_getnl(argv); /* gids length */ | |
92 | if (slen > 16 || (len -= (slen + 2)*4) < 0) | |
93 | goto badcred; | |
94 | - if (unix_gid_find(cred->cr_uid, &cred->cr_group_info, rqstp) | |
95 | - == -EAGAIN) | |
96 | + cred->cr_group_info = groups_alloc(slen); | |
97 | + if (cred->cr_group_info == NULL) | |
98 | return SVC_DROP; | |
99 | - if (cred->cr_group_info == NULL) { | |
100 | - cred->cr_group_info = groups_alloc(slen); | |
101 | - if (cred->cr_group_info == NULL) | |
102 | - return SVC_DROP; | |
103 | - for (i = 0; i < slen; i++) | |
104 | - GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); | |
105 | - } else { | |
106 | - for (i = 0; i < slen ; i++) | |
107 | - svc_getnl(argv); | |
108 | - } | |
109 | + for (i = 0; i < slen; i++) | |
110 | + GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); | |
111 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { | |
112 | *authp = rpc_autherr_badverf; | |
113 | return SVC_DENIED; |