From d28fcc830c2eadc526e43b0a5f6d2ed04e7421ef Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@redhat.com>
Date: Mon, 29 Apr 2013 18:21:29 -0400
Subject: svcrpc: fix gss-proxy to respect user namespaces

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 net/sunrpc/auth_gss/gss_rpc_xdr.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

(limited to 'net/sunrpc/auth_gss')

diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index d0ccdffa7e54..5c4c61d527e2 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
 	err = get_s32(&q, end, &tmp);
 	if (err)
 		return err;
-	creds->cr_uid = tmp;
+	creds->cr_uid = make_kuid(&init_user_ns, tmp);
 
 	/* gid */
 	err = get_s32(&q, end, &tmp);
 	if (err)
 		return err;
-	creds->cr_gid = tmp;
+	creds->cr_gid = make_kgid(&init_user_ns, tmp);
 
 	/* number of additional gid's */
 	err = get_s32(&q, end, &tmp);
@@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
 
 	/* gid's */
 	for (i = 0; i < N; i++) {
+		kgid_t kgid;
 		err = get_s32(&q, end, &tmp);
-		if (err) {
-			groups_free(creds->cr_group_info);
-			return err;
-		}
-		GROUP_AT(creds->cr_group_info, i) = tmp;
+		if (err)
+			goto out_free_groups;
+		err = -EINVAL;
+		kgid = make_kgid(&init_user_ns, tmp);
+		if (!gid_valid(kgid))
+			goto out_free_groups;
+		GROUP_AT(creds->cr_group_info, i) = kgid;
 	}
 
 	return 0;
+out_free_groups:
+	groups_free(creds->cr_group_info);
+	return err;
 }
 
 static int gssx_dec_option_array(struct xdr_stream *xdr,
-- 
cgit v1.2.3