korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 01:04:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

sunrpc: Update gss uid to security context mapping.

Browse Source 
- Use from_kuid when generating the on the wire uid values.
- Use make_kuid when reading on the wire values.

In gss_encode_v0_msg, since the uid in gss_upcall_msg is now a kuid_t
generate the necessary uid_t value on the stack copy it into
gss_msg->databuf where it can safely live until the message is no
longer needed.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2013-02-02 00:25:43 -08:00
parent e572fc7398
commit 90602c7b19
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
net/sunrpc/auth_gss/auth_gss.c
View File

@ -395,8 +395,11 @@ gss_upcall_callback(struct rpc_task *task)
static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg) static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
{ {
gss_msg->msg.data = &gss_msg->uid; uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
gss_msg->msg.len = sizeof(gss_msg->uid); memcpy(gss_msg->databuf, &uid, sizeof(uid));
gss_msg->msg.data = gss_msg->databuf;
gss_msg->msg.len = sizeof(uid);
BUG_ON(sizeof(uid) > UPCALL_BUF_LEN);
} }
static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
@ -409,7 +412,7 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ", gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
mech->gm_name, mech->gm_name,
gss_msg->uid); from_kuid(&init_user_ns, gss_msg->uid));
p += gss_msg->msg.len; p += gss_msg->msg.len;
if (clnt->cl_principal) { if (clnt->cl_principal) {
len = sprintf(p, "target=%s ", clnt->cl_principal); len = sprintf(p, "target=%s ", clnt->cl_principal);
@ -620,7 +623,8 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
struct gss_upcall_msg *gss_msg; struct gss_upcall_msg *gss_msg;
struct rpc_pipe *pipe = RPC_I(filp->f_dentry->d_inode)->pipe; struct rpc_pipe *pipe = RPC_I(filp->f_dentry->d_inode)->pipe;
struct gss_cl_ctx *ctx; struct gss_cl_ctx *ctx;
uid_t uid; uid_t id;
kuid_t uid;
ssize_t err = -EFBIG; ssize_t err = -EFBIG;
if (mlen > MSG_BUF_MAXSIZE) if (mlen > MSG_BUF_MAXSIZE)
@ -635,12 +639,18 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
goto err; goto err;
end = (const void *)((char *)buf + mlen); end = (const void *)((char *)buf + mlen);
p = simple_get_bytes(buf, end, &uid, sizeof(uid)); p = simple_get_bytes(buf, end, &id, sizeof(id));
if (IS_ERR(p)) { if (IS_ERR(p)) {
err = PTR_ERR(p); err = PTR_ERR(p);
goto err; goto err;
} }
uid = make_kuid(&init_user_ns, id);
if (!uid_valid(uid)) {
err = -EINVAL;
goto err;
}
err = -ENOMEM; err = -ENOMEM;
ctx = gss_alloc_context(); ctx = gss_alloc_context();
if (ctx == NULL) if (ctx == NULL)