From: Andrew Morton <akpm@osdl.org>
To: thockin@sun.com
Cc: arjanv@redhat.com, thomas.schlichter@web.de, thoffman@arnor.net,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: 2.6.2-rc2-mm2
Date: Fri, 30 Jan 2004 15:08:19 -0800 [thread overview]
Message-ID: <20040130150819.2425386b.akpm@osdl.org> (raw)
In-Reply-To: <20040130223105.GC9155@sun.com>
Tim Hockin <thockin@sun.com> wrote:
>
> On Fri, Jan 30, 2004 at 02:00:24PM -0800, Andrew Morton wrote:
> > Tim Hockin <thockin@sun.com> wrote:
> > >
> > > In fact, here is a rough cut (would need a coupel exported syms, too). The
> > > lack of any way to handle errors bothers me. printk and fail? yeesh.
> >
> > Seems to be a good way to go. It doesn't seem likely that any other parts
> > of the kernel will want to be setting the group ownership in this way.
>
> How's the attached patch?
OK. But we really should check that error code. I'll see your patch and
raise you one.
I think this is right - the NFSEXP_ALLSQUASH case appears to be clearing
all groups. When this settles down we need to run it all by Neil.
Do we need to handle the return value from set_current_groups(), or should
that guy be simply returning void?
diff -puN fs/nfsd/auth.c~increase-NGROUPS-nfsd-cleanup-checks fs/nfsd/auth.c
--- 25/fs/nfsd/auth.c~increase-NGROUPS-nfsd-cleanup-checks Fri Jan 30 15:03:55 2004
+++ 25-akpm/fs/nfsd/auth.c Fri Jan 30 15:06:43 2004
@@ -11,13 +11,25 @@
#include <linux/nfsd/nfsd.h>
#define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
-void
-nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
+
+int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct svc_cred *cred = &rqstp->rq_cred;
- int i, j;
- gid_t groups[SVC_CRED_NGROUPS];
- struct group_info *group_info;
+ struct group_info *group_info = NULL;
+ int ngroups;
+ int i;
+ int ret;
+
+ ngroups = 0;
+ if (!(exp->ex_flags & NFSEXP_ALLSQUASH)) {
+ for (i = 0; i < SVC_CRED_NGROUPS; i++) {
+ if (cred->cr_groups[i])
+ ngroups++;
+ }
+ }
+ group_info = groups_alloc(ngroups);
+ if (group_info == NULL)
+ return -ENOMEM;
if (exp->ex_flags & NFSEXP_ALLSQUASH) {
cred->cr_uid = exp->ex_anon_uid;
@@ -41,25 +53,24 @@ nfsd_setuser(struct svc_rqst *rqstp, str
current->fsgid = cred->cr_gid;
else
current->fsgid = exp->ex_anon_gid;
+
for (i = 0; i < SVC_CRED_NGROUPS; i++) {
gid_t group = cred->cr_groups[i];
if (group == (gid_t) NOGROUP)
break;
- groups[i] = group;
+ GROUP_AT(group_info, i) = group;
}
- group_info = groups_alloc(i);
- /* should be error checking, but we can't return ENOMEM! */
- for (j = 0; j < i; j++)
- GROUP_AT(group_info, j) = groups[j];
- if (set_current_groups(group_info))
- put_group_info(group_info);
- /* should be error handling but we return void */
- if ((cred->cr_uid)) {
- cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
+ ret = set_current_groups(group_info);
+ if (ret == 0) {
+ if ((cred->cr_uid)) {
+ cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
+ } else {
+ cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
+ current->cap_permitted);
+ }
} else {
- cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
- current->cap_permitted);
+ put_group_info(group_info);
}
-
+ return ret;
}
diff -puN include/linux/nfsd/auth.h~increase-NGROUPS-nfsd-cleanup-checks include/linux/nfsd/auth.h
--- 25/include/linux/nfsd/auth.h~increase-NGROUPS-nfsd-cleanup-checks Fri Jan 30 15:03:55 2004
+++ 25-akpm/include/linux/nfsd/auth.h Fri Jan 30 15:03:55 2004
@@ -21,7 +21,7 @@
* Set the current process's fsuid/fsgid etc to those of the NFS
* client user
*/
-void nfsd_setuser(struct svc_rqst *, struct svc_export *);
+int nfsd_setuser(struct svc_rqst *, struct svc_export *);
#endif /* __KERNEL__ */
#endif /* LINUX_NFSD_AUTH_H */
_
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
next prev parent reply other threads:[~2004-01-30 23:08 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-30 9:41 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 10:52 ` 2.6.2-rc2-mm2 Helge Hafting
2004-01-30 11:14 ` 2.6.2-rc2-mm2 Zephaniah E. Hull
2004-01-30 16:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 17:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 18:58 ` 2.6.2-rc2-mm2 Torrey Hoffman
2004-01-30 19:07 ` 2.6.2-rc2-mm2 Thomas Schlichter
2004-01-30 19:23 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 19:47 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 19:55 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 20:17 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 20:33 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 21:12 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 22:00 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 22:31 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:08 ` Andrew Morton [this message]
2004-01-30 23:21 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:31 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:43 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 21:16 ` 2.6.2-rc2-mm2 John Stoffel
2004-01-30 21:52 ` 2.6.2-rc2-mm2 Tim Hockin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040130150819.2425386b.akpm@osdl.org \
--to=akpm@osdl.org \
--cc=arjanv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=thockin@sun.com \
--cc=thoffman@arnor.net \
--cc=thomas.schlichter@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox