Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d28fcc83 authored by J. Bruce Fields's avatar J. Bruce Fields
Browse files

svcrpc: fix gss-proxy to respect user namespaces 



Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 6278b62a

net/sunrpc/auth_gss/gss_rpc_xdr.c

+13 −7
Original line number Diff line number Diff line
@@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, 
	err = get_s32(&q, end, &tmp);

	if (err)

		return err;

	creds->cr_uid = tmp;

	creds->cr_uid = make_kuid(&init_user_ns, tmp);



	/* gid */

	err = get_s32(&q, end, &tmp);

	if (err)

		return err;

	creds->cr_gid = tmp;

	creds->cr_gid = make_kgid(&init_user_ns, tmp);



	/* number of additional gid's */

	err = get_s32(&q, end, &tmp);
@@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, 


	/* gid's */

	for (i = 0; i < N; i++) {

		kgid_t kgid;

		err = get_s32(&q, end, &tmp);

		if (err) {

			groups_free(creds->cr_group_info);

			return err;

		}

		GROUP_AT(creds->cr_group_info, i) = tmp;

		if (err)

			goto out_free_groups;

		err = -EINVAL;

		kgid = make_kgid(&init_user_ns, tmp);

		if (!gid_valid(kgid))

			goto out_free_groups;

		GROUP_AT(creds->cr_group_info, i) = kgid;

	}



	return 0;

out_free_groups:

	groups_free(creds->cr_group_info);

	return err;

}



static int gssx_dec_option_array(struct xdr_stream *xdr,