diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-02 14:49:44 +0400 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-13 18:15:25 +0400 |
commit | 25da9263710ec94c964259c79fa9a3a635cd3a50 (patch) | |
tree | c2f3aed2f7517c1c046d9ef331aad2926e195200 /samples | |
parent | a570abbb966ee7de6c4357a58be11a558fa7099b (diff) | |
download | linux-25da9263710ec94c964259c79fa9a3a635cd3a50.tar.xz |
sunrpc: Properly encode kuids and kgids in auth.unix.gid rpc pipe upcalls.
When a new rpc connection is established with an in-kernel server, the
traffic passes through svc_process_common, and svc_set_client and down
into svcauth_unix_set_client if it is of type RPC_AUTH_NULL or
RPC_AUTH_UNIX.
svcauth_unix_set_client then looks at the uid of the credential we
have assigned to the incomming client and if we don't have the groups
already cached makes an upcall to get a list of groups that the client
can use.
The upcall encodes send a rpc message to user space encoding the uid
of the user whose groups we want to know. Encode the kuid of the user
in the initial user namespace as nfs mounts can only happen today in
the initial user namespace.
When a reply to an upcall comes in convert interpret the uid and gid values
from the rpc pipe as uids and gids in the initial user namespace and convert
them into kuids and kgids before processing them further.
When reading proc files listing the uid to gid list cache convert the
kuids and kgids from into uids and gids the initial user namespace. As we are
displaying server internal details it makes sense to display these values
from the servers perspective.
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'samples')
0 files changed, 0 insertions, 0 deletions