Commit d28fcc83 authored by J. Bruce Fields's avatar J. Bruce Fields

svcrpc: fix gss-proxy to respect user namespaces

Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 6278b62a
...@@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, ...@@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
err = get_s32(&q, end, &tmp); err = get_s32(&q, end, &tmp);
if (err) if (err)
return err; return err;
creds->cr_uid = tmp; creds->cr_uid = make_kuid(&init_user_ns, tmp);
/* gid */ /* gid */
err = get_s32(&q, end, &tmp); err = get_s32(&q, end, &tmp);
if (err) if (err)
return err; return err;
creds->cr_gid = tmp; creds->cr_gid = make_kgid(&init_user_ns, tmp);
/* number of additional gid's */ /* number of additional gid's */
err = get_s32(&q, end, &tmp); err = get_s32(&q, end, &tmp);
...@@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, ...@@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
/* gid's */ /* gid's */
for (i = 0; i < N; i++) { for (i = 0; i < N; i++) {
kgid_t kgid;
err = get_s32(&q, end, &tmp); err = get_s32(&q, end, &tmp);
if (err) { if (err)
groups_free(creds->cr_group_info); goto out_free_groups;
return err; err = -EINVAL;
} kgid = make_kgid(&init_user_ns, tmp);
GROUP_AT(creds->cr_group_info, i) = tmp; if (!gid_valid(kgid))
goto out_free_groups;
GROUP_AT(creds->cr_group_info, i) = kgid;
} }
return 0; return 0;
out_free_groups:
groups_free(creds->cr_group_info);
return err;
} }
static int gssx_dec_option_array(struct xdr_stream *xdr, static int gssx_dec_option_array(struct xdr_stream *xdr,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment