diff mbox series

NFSD: callback request does not use correct credential for AUTH_SYS

Message ID 1680380528-22306-1-git-send-email-dai.ngo@oracle.com (mailing list archive)
State New, archived
Headers show
Series NFSD: callback request does not use correct credential for AUTH_SYS | expand

Commit Message

Dai Ngo April 1, 2023, 8:22 p.m. UTC 
Currently callback request does not use the credential specified in
CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.

Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
DELEG5   st_delegation.testCBSecParms     : FAILURE
           expected callback with uid, gid == 17, 19, got 0, 0

Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
---
 fs/nfsd/nfs4callback.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Chuck Lever April 2, 2023, 3:09 p.m. UTC | #1 
> On Apr 1, 2023, at 4:22 PM, Dai Ngo <dai.ngo@oracle.com> wrote:
> 
> Currently callback request does not use the credential specified in
> CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
> 
> Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> DELEG5   st_delegation.testCBSecParms     : FAILURE
>           expected callback with uid, gid == 17, 19, got 0, 0
> 
> Signed-off-by: Dai Ngo <dai.ngo@oracle.com>

Does

Fixes: 8276c902bbe9 ("SUNRPC: remove uid and gid from struct auth_cred")

sound OK to everyone?


> ---
> fs/nfsd/nfs4callback.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> index 2a815f5a52c4..4039ffcf90ba 100644
> --- a/fs/nfsd/nfs4callback.c
> +++ b/fs/nfsd/nfs4callback.c
> @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
> if (!kcred)
> return NULL;
> 
> - kcred->uid = ses->se_cb_sec.uid;
> - kcred->gid = ses->se_cb_sec.gid;
> + kcred->fsuid = ses->se_cb_sec.uid;
> + kcred->fsgid = ses->se_cb_sec.gid;
> return kcred;
> }
> }
> -- 
> 2.9.5
> 

--
Chuck Lever
NeilBrown April 2, 2023, 11:53 p.m. UTC | #2 
On Mon, 03 Apr 2023, Chuck Lever III wrote:
> 
> > On Apr 1, 2023, at 4:22 PM, Dai Ngo <dai.ngo@oracle.com> wrote:
> > 
> > Currently callback request does not use the credential specified in
> > CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
> > 
> > Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> > DELEG5   st_delegation.testCBSecParms     : FAILURE
> >           expected callback with uid, gid == 17, 19, got 0, 0
> > 
> > Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
> 
> Does
> 
> Fixes: 8276c902bbe9 ("SUNRPC: remove uid and gid from struct auth_cred")
> 
> sound OK to everyone?

Yes, that looks right to me.  Thanks.

NeilBrown

> 
> 
> > ---
> > fs/nfsd/nfs4callback.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> > index 2a815f5a52c4..4039ffcf90ba 100644
> > --- a/fs/nfsd/nfs4callback.c
> > +++ b/fs/nfsd/nfs4callback.c
> > @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
> > if (!kcred)
> > return NULL;
> > 
> > - kcred->uid = ses->se_cb_sec.uid;
> > - kcred->gid = ses->se_cb_sec.gid;
> > + kcred->fsuid = ses->se_cb_sec.uid;
> > + kcred->fsgid = ses->se_cb_sec.gid;
> > return kcred;
> > }
> > }
> > -- 
> > 2.9.5
> > 
> 
> --
> Chuck Lever
> 
> 
>
Jeff Layton April 4, 2023, 10:54 a.m. UTC | #3 
On Sat, 2023-04-01 at 13:22 -0700, Dai Ngo wrote:
> Currently callback request does not use the credential specified in
> CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
> 
> Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> DELEG5   st_delegation.testCBSecParms     : FAILURE
>            expected callback with uid, gid == 17, 19, got 0, 0
> 
> Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
> ---
>  fs/nfsd/nfs4callback.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> index 2a815f5a52c4..4039ffcf90ba 100644
> --- a/fs/nfsd/nfs4callback.c
> +++ b/fs/nfsd/nfs4callback.c
> @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
>  		if (!kcred)
>  			return NULL;
>  
> -		kcred->uid = ses->se_cb_sec.uid;
> -		kcred->gid = ses->se_cb_sec.gid;
> +		kcred->fsuid = ses->se_cb_sec.uid;
> +		kcred->fsgid = ses->se_cb_sec.gid;
>  		return kcred;
>  	}
>  }

Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff mbox series

Patch

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 2a815f5a52c4..4039ffcf90ba 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -946,8 +946,8 @@  static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
 		if (!kcred)
 			return NULL;
 
-		kcred->uid = ses->se_cb_sec.uid;
-		kcred->gid = ses->se_cb_sec.gid;
+		kcred->fsuid = ses->se_cb_sec.uid;
+		kcred->fsgid = ses->se_cb_sec.gid;
 		return kcred;
 	}
 }