summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2013-04-29 18:21:29 -0400
committerJ. Bruce Fields <bfields@redhat.com>2013-04-29 18:21:29 -0400
commitd28fcc830c2eadc526e43b0a5f6d2ed04e7421ef (patch)
treeaf8c781e8060011a688edb0e42f3c687389d32e1
parent6278b62aa8f90c668a4e4b94ad9d3952cf4331b7 (diff)
downloadlwn-d28fcc830c2eadc526e43b0a5f6d2ed04e7421ef.tar.gz
lwn-d28fcc830c2eadc526e43b0a5f6d2ed04e7421ef.zip
svcrpc: fix gss-proxy to respect user namespaces
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_xdr.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index d0ccdffa7e54..5c4c61d527e2 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
err = get_s32(&q, end, &tmp);
if (err)
return err;
- creds->cr_uid = tmp;
+ creds->cr_uid = make_kuid(&init_user_ns, tmp);
/* gid */
err = get_s32(&q, end, &tmp);
if (err)
return err;
- creds->cr_gid = tmp;
+ creds->cr_gid = make_kgid(&init_user_ns, tmp);
/* number of additional gid's */
err = get_s32(&q, end, &tmp);
@@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
/* gid's */
for (i = 0; i < N; i++) {
+ kgid_t kgid;
err = get_s32(&q, end, &tmp);
- if (err) {
- groups_free(creds->cr_group_info);
- return err;
- }
- GROUP_AT(creds->cr_group_info, i) = tmp;
+ if (err)
+ goto out_free_groups;
+ err = -EINVAL;
+ kgid = make_kgid(&init_user_ns, tmp);
+ if (!gid_valid(kgid))
+ goto out_free_groups;
+ GROUP_AT(creds->cr_group_info, i) = kgid;
}
return 0;
+out_free_groups:
+ groups_free(creds->cr_group_info);
+ return err;
}
static int gssx_dec_option_array(struct xdr_stream *xdr,