mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-07 04:09:21 +00:00
419f431949
Pull the rest of the nfsd commits from Bruce Fields: "... and then I cherry-picked the remainder of the patches from the head of my previous branch" This is the rest of the original nfsd branch, rebased without the delegation stuff that I thought really needed to be redone. I don't like rebasing things like this in general, but in this situation this was the lesser of two evils. * 'for-3.5' of git://linux-nfs.org/~bfields/linux: (50 commits) nfsd4: fix, consolidate client_has_state nfsd4: don't remove rebooted client record until confirmation nfsd4: remove some dprintk's and a comment nfsd4: return "real" sequence id in confirmed case nfsd4: fix exchange_id to return confirm flag nfsd4: clarify that renewing expired client is a bug nfsd4: simpler ordering of setclientid_confirm checks nfsd4: setclientid: remove pointless assignment nfsd4: fix error return in non-matching-creds case nfsd4: fix setclientid_confirm same_cred check nfsd4: merge 3 setclientid cases to 2 nfsd4: pull out common code from setclientid cases nfsd4: merge last two setclientid cases nfsd4: setclientid/confirm comment cleanup nfsd4: setclientid remove unnecessary terms from a logical expression nfsd4: move rq_flavor into svc_cred nfsd4: stricter cred comparison for setclientid/exchange_id nfsd4: move principal name into svc_cred nfsd4: allow removing clients not holding state nfsd4: rearrange exchange_id logic to simplify ...
96 lines
2.1 KiB
C
96 lines
2.1 KiB
C
/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/user_namespace.h>
|
|
#include "nfsd.h"
|
|
#include "auth.h"
|
|
|
|
int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
|
|
{
|
|
struct exp_flavor_info *f;
|
|
struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
|
|
|
|
for (f = exp->ex_flavors; f < end; f++) {
|
|
if (f->pseudoflavor == rqstp->rq_cred.cr_flavor)
|
|
return f->flags;
|
|
}
|
|
return exp->ex_flags;
|
|
|
|
}
|
|
|
|
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
|
|
{
|
|
struct group_info *rqgi;
|
|
struct group_info *gi;
|
|
struct cred *new;
|
|
int i;
|
|
int flags = nfsexp_flags(rqstp, exp);
|
|
int ret;
|
|
|
|
validate_process_creds();
|
|
|
|
/* discard any old override before preparing the new set */
|
|
revert_creds(get_cred(current->real_cred));
|
|
new = prepare_creds();
|
|
if (!new)
|
|
return -ENOMEM;
|
|
|
|
new->fsuid = rqstp->rq_cred.cr_uid;
|
|
new->fsgid = rqstp->rq_cred.cr_gid;
|
|
|
|
rqgi = rqstp->rq_cred.cr_group_info;
|
|
|
|
if (flags & NFSEXP_ALLSQUASH) {
|
|
new->fsuid = exp->ex_anon_uid;
|
|
new->fsgid = exp->ex_anon_gid;
|
|
gi = groups_alloc(0);
|
|
if (!gi)
|
|
goto oom;
|
|
} else if (flags & NFSEXP_ROOTSQUASH) {
|
|
if (!new->fsuid)
|
|
new->fsuid = exp->ex_anon_uid;
|
|
if (!new->fsgid)
|
|
new->fsgid = exp->ex_anon_gid;
|
|
|
|
gi = groups_alloc(rqgi->ngroups);
|
|
if (!gi)
|
|
goto oom;
|
|
|
|
for (i = 0; i < rqgi->ngroups; i++) {
|
|
if (gid_eq(GLOBAL_ROOT_GID, GROUP_AT(rqgi, i)))
|
|
GROUP_AT(gi, i) = make_kgid(&init_user_ns, exp->ex_anon_gid);
|
|
else
|
|
GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
|
|
}
|
|
} else {
|
|
gi = get_group_info(rqgi);
|
|
}
|
|
|
|
if (new->fsuid == (uid_t) -1)
|
|
new->fsuid = exp->ex_anon_uid;
|
|
if (new->fsgid == (gid_t) -1)
|
|
new->fsgid = exp->ex_anon_gid;
|
|
|
|
ret = set_groups(new, gi);
|
|
put_group_info(gi);
|
|
if (ret < 0)
|
|
goto error;
|
|
|
|
if (new->fsuid)
|
|
new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
|
|
else
|
|
new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
|
|
new->cap_permitted);
|
|
validate_process_creds();
|
|
put_cred(override_creds(new));
|
|
put_cred(new);
|
|
validate_process_creds();
|
|
return 0;
|
|
|
|
oom:
|
|
ret = -ENOMEM;
|
|
error:
|
|
abort_creds(new);
|
|
return ret;
|
|
}
|
|
|