GitHub-Mirror/linux-bl808
2
0
Fork 0
mirror of https://github.com/Fishwaldo/linux-bl808.git synced 2025-06-06 14:45:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

nfsd: Properly compare and initialize kuids and kgids

Browse source 
Use uid_eq(uid, GLOBAL_ROOT_UID) instead of !uid.
Use gid_eq(gid, GLOBAL_ROOT_GID) instead of !gid.
Use uid_eq(uid, INVALID_UID) instead of uid == -1
Use gid_eq(uid, INVALID_GID) instead of gid == -1
Use uid = GLOBAL_ROOT_UID instead of uid = 0;
Use gid = GLOBAL_ROOT_GID instead of gid = 0;
Use !uid_eq(uid1, uid2) instead of uid1 != uid2.
Use !gid_eq(gid1, gid2) instead of gid1 != gid2.
Use uid_eq(uid1, uid2) instead of uid1 == uid2.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2013-02-02 06:53:11 -08:00
parent 4c1e1b34d5
commit 6fab877900
4 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
fs/nfsd/auth.c
View file

@ -47,9 +47,9 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
if (!gi) if (!gi)
goto oom; goto oom;
} else if (flags & NFSEXP_ROOTSQUASH) { } else if (flags & NFSEXP_ROOTSQUASH) {
if (!new->fsuid) if (uid_eq(new->fsuid, GLOBAL_ROOT_UID))
new->fsuid = exp->ex_anon_uid; new->fsuid = exp->ex_anon_uid;
if (!new->fsgid) if (gid_eq(new->fsgid, GLOBAL_ROOT_GID))
new->fsgid = exp->ex_anon_gid; new->fsgid = exp->ex_anon_gid;
gi = groups_alloc(rqgi->ngroups); gi = groups_alloc(rqgi->ngroups);
@ -66,9 +66,9 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
gi = get_group_info(rqgi); gi = get_group_info(rqgi);
} }
if (new->fsuid == (uid_t) -1) if (uid_eq(new->fsuid, INVALID_UID))
new->fsuid = exp->ex_anon_uid; new->fsuid = exp->ex_anon_uid;
if (new->fsgid == (gid_t) -1) if (gid_eq(new->fsgid, INVALID_GID))
new->fsgid = exp->ex_anon_gid; new->fsgid = exp->ex_anon_gid;
ret = set_groups(new, gi); ret = set_groups(new, gi);
@ -76,7 +76,7 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
if (ret < 0) if (ret < 0)
goto error; goto error;
if (new->fsuid) if (!uid_eq(new->fsuid, GLOBAL_ROOT_UID))
new->cap_effective = cap_drop_nfsd_set(new->cap_effective); new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
else else
new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_effective = cap_raise_nfsd_set(new->cap_effective,

4
fs/nfsd/nfs4recover.c
View file

@ -73,8 +73,8 @@ nfs4_save_creds(const struct cred **original_creds)
if (!new) if (!new)
return -ENOMEM; return -ENOMEM;
new->fsuid = 0; new->fsuid = GLOBAL_ROOT_UID;
new->fsgid = 0; new->fsgid = GLOBAL_ROOT_GID;
*original_creds = override_creds(new); *original_creds = override_creds(new);
put_cred(new); put_cred(new);
return 0; return 0;

6
fs/nfsd/nfs4state.c
View file

@ -1202,7 +1202,7 @@ static bool groups_equal(struct group_info *g1, struct group_info *g2)
if (g1->ngroups != g2->ngroups) if (g1->ngroups != g2->ngroups)
return false; return false;
for (i=0; i<g1->ngroups; i++) for (i=0; i<g1->ngroups; i++)
if (GROUP_AT(g1, i) != GROUP_AT(g2, i)) if (!gid_eq(GROUP_AT(g1, i), GROUP_AT(g2, i)))
return false; return false;
return true; return true;
} }
@ -1227,8 +1227,8 @@ static bool
same_creds(struct svc_cred *cr1, struct svc_cred *cr2) same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
{ {
if ((is_gss_cred(cr1) != is_gss_cred(cr2)) if ((is_gss_cred(cr1) != is_gss_cred(cr2))
|| (cr1->cr_uid != cr2->cr_uid) || (!uid_eq(cr1->cr_uid, cr2->cr_uid))
|| (cr1->cr_gid != cr2->cr_gid) || (!gid_eq(cr1->cr_gid, cr2->cr_gid))
|| !groups_equal(cr1->cr_group_info, cr2->cr_group_info)) || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
return false; return false;
if (cr1->cr_principal == cr2->cr_principal) if (cr1->cr_principal == cr2->cr_principal)

8
fs/nfsd/vfs.c
View file

@ -401,8 +401,8 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
/* Revoke setuid/setgid on chown */ /* Revoke setuid/setgid on chown */
if (!S_ISDIR(inode->i_mode) && if (!S_ISDIR(inode->i_mode) &&
(((iap->ia_valid & ATTR_UID) && iap->ia_uid != inode->i_uid) || (((iap->ia_valid & ATTR_UID) && !uid_eq(iap->ia_uid, inode->i_uid)) ||
((iap->ia_valid & ATTR_GID) && iap->ia_gid != inode->i_gid))) { ((iap->ia_valid & ATTR_GID) && !gid_eq(iap->ia_gid, inode->i_gid)))) {
iap->ia_valid |= ATTR_KILL_PRIV; iap->ia_valid |= ATTR_KILL_PRIV;
if (iap->ia_valid & ATTR_MODE) { if (iap->ia_valid & ATTR_MODE) {
/* we're setting mode too, just clear the s*id bits */ /* we're setting mode too, just clear the s*id bits */
@ -1205,7 +1205,7 @@ nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp,
* send along the gid on create when it tries to implement * send along the gid on create when it tries to implement
* setgid directories via NFS: * setgid directories via NFS:
*/ */
if (current_fsuid() != 0) if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID))
iap->ia_valid &= ~(ATTR_UID|ATTR_GID); iap->ia_valid &= ~(ATTR_UID|ATTR_GID);
if (iap->ia_valid) if (iap->ia_valid)
return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0);
@ -2150,7 +2150,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
* with NFSv3. * with NFSv3.
*/ */
if ((acc & NFSD_MAY_OWNER_OVERRIDE) && if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
inode->i_uid == current_fsuid()) uid_eq(inode->i_uid, current_fsuid()))
return 0; return 0;
/* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */