nfsd: Modify nfsd4_cb_sec to use kuids and kgids

Change uid and gid in struct nfsd4_cb_sec to be of type kuid_t and kgid_t. In nfsd4_decode_cb_sec when reading uids and gids off the wire convert them to kuids and kgids, and if they don't convert to valid kuids or valid kuids ignore RPC_AUTH_UNIX and don't fill in any of the fields. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

nfsd: Modify nfsd4_cb_sec to use kuids and kgids
Change uid and gid in struct nfsd4_cb_sec to be of type kuid_t and kgid_t. In nfsd4_decode_cb_sec when reading uids and gids off the wire convert them to kuids and kgids, and if they don't convert to valid kuids or valid kuids ignore RPC_AUTH_UNIX and don't fill in any of the fields. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Eric W. Biederman
1 parent ab8e4aee0a
Showing 2 changed files with 12 additions and 5 deletions Side-by-side Diff
fs/nfsd/nfs4xdr.c
fs/nfsd/state.h
@@ -464,9 +464,16 @@
 			READ32(dummy);
 			READ_BUF(dummy * 4);
 			if (cbs->flavor == (u32)(-1)) {
-				cbs->uid = uid;
-				cbs->gid = gid;
-				cbs->flavor = RPC_AUTH_UNIX;
+				kuid_t kuid = make_kuid(&init_user_ns, uid);
+				kgid_t kgid = make_kgid(&init_user_ns, gid);
+				if (uid_valid(kuid) && gid_valid(kgid)) {
+					cbs->uid = kuid;
+					cbs->gid = kgid;
+					cbs->flavor = RPC_AUTH_UNIX;
+				} else {
+					dprintk("RPC_AUTH_UNIX with invalid"
+						"uid or gid ignoring!\n");
+				}
 			}
 			break;
 		case RPC_AUTH_GSS:
@@ -152,8 +152,8 @@
  
 struct nfsd4_cb_sec {
 	u32	flavor; /* (u32)(-1) used to mean "no valid flavor" */
-	u32	uid;
-	u32	gid;
+	kuid_t	uid;
+	kgid_t	gid;
 };
  
 struct nfsd4_create_session {
...	...	@@ -464,9 +464,16 @@
464	464	READ32(dummy);
465	465	READ_BUF(dummy * 4);
466	466	if (cbs->flavor == (u32)(-1)) {
467		- cbs->uid = uid;
468		- cbs->gid = gid;
469		- cbs->flavor = RPC_AUTH_UNIX;
	467	+ kuid_t kuid = make_kuid(&init_user_ns, uid);
	468	+ kgid_t kgid = make_kgid(&init_user_ns, gid);
	469	+ if (uid_valid(kuid) && gid_valid(kgid)) {
	470	+ cbs->uid = kuid;
	471	+ cbs->gid = kgid;
	472	+ cbs->flavor = RPC_AUTH_UNIX;
	473	+ } else {
	474	+ dprintk("RPC_AUTH_UNIX with invalid"
	475	+ "uid or gid ignoring!\n");
	476	+ }
470	477	}
471	478	break;
472	479	case RPC_AUTH_GSS:
...	...	@@ -152,8 +152,8 @@
152	152
153	153	struct nfsd4_cb_sec {
154	154	u32 flavor; /* (u32)(-1) used to mean "no valid flavor" */
155		- u32 uid;
156		- u32 gid;
	155	+ kuid_t uid;
	156	+ kgid_t gid;
157	157	};
158	158
159	159	struct nfsd4_create_session {