mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 21:54:06 +08:00
6fab877900
Use uid_eq(uid, GLOBAL_ROOT_UID) instead of !uid. Use gid_eq(gid, GLOBAL_ROOT_GID) instead of !gid. Use uid_eq(uid, INVALID_UID) instead of uid == -1 Use gid_eq(uid, INVALID_GID) instead of gid == -1 Use uid = GLOBAL_ROOT_UID instead of uid = 0; Use gid = GLOBAL_ROOT_GID instead of gid = 0; Use !uid_eq(uid1, uid2) instead of uid1 != uid2. Use !gid_eq(gid1, gid2) instead of gid1 != gid2. Use uid_eq(uid1, uid2) instead of uid1 == uid2. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
97 lines
2.1 KiB
C
97 lines
2.1 KiB
C
/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/user_namespace.h>
|
|
#include "nfsd.h"
|
|
#include "auth.h"
|
|
|
|
int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
|
|
{
|
|
struct exp_flavor_info *f;
|
|
struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
|
|
|
|
for (f = exp->ex_flavors; f < end; f++) {
|
|
if (f->pseudoflavor == rqstp->rq_cred.cr_flavor)
|
|
return f->flags;
|
|
}
|
|
return exp->ex_flags;
|
|
|
|
}
|
|
|
|
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
|
|
{
|
|
struct group_info *rqgi;
|
|
struct group_info *gi;
|
|
struct cred *new;
|
|
int i;
|
|
int flags = nfsexp_flags(rqstp, exp);
|
|
int ret;
|
|
|
|
validate_process_creds();
|
|
|
|
/* discard any old override before preparing the new set */
|
|
revert_creds(get_cred(current->real_cred));
|
|
new = prepare_creds();
|
|
if (!new)
|
|
return -ENOMEM;
|
|
|
|
new->fsuid = rqstp->rq_cred.cr_uid;
|
|
new->fsgid = rqstp->rq_cred.cr_gid;
|
|
|
|
rqgi = rqstp->rq_cred.cr_group_info;
|
|
|
|
if (flags & NFSEXP_ALLSQUASH) {
|
|
new->fsuid = exp->ex_anon_uid;
|
|
new->fsgid = exp->ex_anon_gid;
|
|
gi = groups_alloc(0);
|
|
if (!gi)
|
|
goto oom;
|
|
} else if (flags & NFSEXP_ROOTSQUASH) {
|
|
if (uid_eq(new->fsuid, GLOBAL_ROOT_UID))
|
|
new->fsuid = exp->ex_anon_uid;
|
|
if (gid_eq(new->fsgid, GLOBAL_ROOT_GID))
|
|
new->fsgid = exp->ex_anon_gid;
|
|
|
|
gi = groups_alloc(rqgi->ngroups);
|
|
if (!gi)
|
|
goto oom;
|
|
|
|
for (i = 0; i < rqgi->ngroups; i++) {
|
|
if (gid_eq(GLOBAL_ROOT_GID, GROUP_AT(rqgi, i)))
|
|
GROUP_AT(gi, i) = exp->ex_anon_gid;
|
|
else
|
|
GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
|
|
}
|
|
} else {
|
|
gi = get_group_info(rqgi);
|
|
}
|
|
|
|
if (uid_eq(new->fsuid, INVALID_UID))
|
|
new->fsuid = exp->ex_anon_uid;
|
|
if (gid_eq(new->fsgid, INVALID_GID))
|
|
new->fsgid = exp->ex_anon_gid;
|
|
|
|
ret = set_groups(new, gi);
|
|
put_group_info(gi);
|
|
if (ret < 0)
|
|
goto error;
|
|
|
|
if (!uid_eq(new->fsuid, GLOBAL_ROOT_UID))
|
|
new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
|
|
else
|
|
new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
|
|
new->cap_permitted);
|
|
validate_process_creds();
|
|
put_cred(override_creds(new));
|
|
put_cred(new);
|
|
validate_process_creds();
|
|
return 0;
|
|
|
|
oom:
|
|
ret = -ENOMEM;
|
|
error:
|
|
abort_creds(new);
|
|
return ret;
|
|
}
|
|
|