Commit 54cceebb authored by NeilBrown's avatar NeilBrown Committed by Linus Torvalds
Browse files

[PATCH] knfsd: nfsd: nfsd_setuser doesn't really need to modify rqstp->rq_cred. 



In addition to setting the processes filesystem id's, nfsd_setuser also
modifies the value of the rq_cred which stores the id's that originally came
from the rpc call, for example to reflect root squashing.

There's no real reason to do that--the only case where rqstp->rq_cred is
actually used later on is in the NFSv4 SETCLIENTID/SETCLIENTID_CONFIRM
operations, and there the results are the opposite of what we want--those two
operations don't deal with the filesystem at all, they only record the
credentials used with the rpc call for later reference (so that we may require
the same credentials be used on later operations), and the credentials
shouldn't vary just because there was or wasn't a previous operation in the
compound that referred to some export

This fixes a bug which caused mounts from Solaris clients to fail.

Signed-off-by: default avatarAndy Adamson <andros@citi.umich.edu>
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarNeil Brown <neilb@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent cd156549

fs/nfsd/auth.c

+23 −23
Original line number Diff line number Diff line
@@ -14,46 +14,46 @@ 


int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)

{

	struct svc_cred	*cred = &rqstp->rq_cred;

	struct svc_cred	cred = rqstp->rq_cred;

	int i;

	int ret;



	if (exp->ex_flags & NFSEXP_ALLSQUASH) {

		cred->cr_uid = exp->ex_anon_uid;

		cred->cr_gid = exp->ex_anon_gid;

		put_group_info(cred->cr_group_info);

		cred->cr_group_info = groups_alloc(0);

		cred.cr_uid = exp->ex_anon_uid;

		cred.cr_gid = exp->ex_anon_gid;

		cred.cr_group_info = groups_alloc(0);

	} else if (exp->ex_flags & NFSEXP_ROOTSQUASH) {

		struct group_info *gi;

		if (!cred->cr_uid)

			cred->cr_uid = exp->ex_anon_uid;

		if (!cred->cr_gid)

			cred->cr_gid = exp->ex_anon_gid;

		gi = groups_alloc(cred->cr_group_info->ngroups);

		if (!cred.cr_uid)

			cred.cr_uid = exp->ex_anon_uid;

		if (!cred.cr_gid)

			cred.cr_gid = exp->ex_anon_gid;

		gi = groups_alloc(cred.cr_group_info->ngroups);

		if (gi)

			for (i = 0; i < cred->cr_group_info->ngroups; i++) {

				if (!GROUP_AT(cred->cr_group_info, i))

			for (i = 0; i < cred.cr_group_info->ngroups; i++) {

				if (!GROUP_AT(cred.cr_group_info, i))

					GROUP_AT(gi, i) = exp->ex_anon_gid;

				else

					GROUP_AT(gi, i) = GROUP_AT(cred->cr_group_info, i);

			}

		put_group_info(cred->cr_group_info);

		cred->cr_group_info = gi;

					GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);

			}

		cred.cr_group_info = gi;

	} else

		get_group_info(cred.cr_group_info);



	if (cred->cr_uid != (uid_t) -1)

		current->fsuid = cred->cr_uid;

	if (cred.cr_uid != (uid_t) -1)

		current->fsuid = cred.cr_uid;

	else

		current->fsuid = exp->ex_anon_uid;

	if (cred->cr_gid != (gid_t) -1)

		current->fsgid = cred->cr_gid;

	if (cred.cr_gid != (gid_t) -1)

		current->fsgid = cred.cr_gid;

	else

		current->fsgid = exp->ex_anon_gid;



	if (!cred->cr_group_info)

	if (!cred.cr_group_info)

		return -ENOMEM;

	ret = set_current_groups(cred->cr_group_info);

	if ((cred->cr_uid)) {

	ret = set_current_groups(cred.cr_group_info);

	put_group_info(cred.cr_group_info);

	if ((cred.cr_uid)) {

		cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;

	} else {

		cap_t(current->cap_effective) |= (CAP_NFSD_MASK &

CRA Git | Maintained and supported by SUSTech CRA and CCSE