Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit afe3c3fd authored by J. Bruce Fields's avatar J. Bruce Fields
Browse files

svcrpc: fix failures to handle -1 uid's and gid's 



As of f025adf1 "sunrpc: Properly decode
kuids and kgids in RPC_AUTH_UNIX credentials" any rpc containing a -1
(0xffff) uid or gid would fail with a badcred error.

Reported symptoms were xmbc clients failing on upgrade of the NFS
server; examination of the network trace showed them sending -1 as the
gid.

Reported-by: default avatarJulian Sikorski <belegdol@gmail.com>
Tested-by: default avatarJulian Sikorski <belegdol@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent b161c144

net/sunrpc/svcauth_unix.c

+7 −5
Original line number Diff line number Diff line
@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) 
		goto badcred;

	argv->iov_base = (void*)((__be32*)argv->iov_base + slen);	/* skip machname */

	argv->iov_len -= slen*4;



	/*

	 * Note: we skip uid_valid()/gid_valid() checks here for

	 * backwards compatibility with clients that use -1 id's.

	 * Instead, -1 uid or gid is later mapped to the

	 * (export-specific) anonymous id by nfsd_setuser.

	 * Supplementary gid's will be left alone.

	 */

	cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */

	cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */

	if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))

		goto badcred;

	slen = svc_getnl(argv);			/* gids length */

	if (slen > 16 || (len -= (slen + 2)*4) < 0)

		goto badcred;
@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) 
		return SVC_CLOSE;

	for (i = 0; i < slen; i++) {

		kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));

		if (!gid_valid(kgid))

			goto badcred;

		GROUP_AT(cred->cr_group_info, i) = kgid;

	}

	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {