From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
We really shouldn't allow a client to be created with cl_mach_cred set
unless it also has a principal name.
This also allows us to fail such cases immediately on EXCHANGE_ID as
opposed to waiting and incorrectly returning WRONG_CRED on the following
CREATE_SESSION.
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
---
fs/nfsd/nfs4state.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 5b1be1ab700b..36ad22a15d61 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -2384,6 +2384,15 @@ nfsd4_exchange_id(struct svc_rqst *rqstp,
status = nfserr_inval;
goto out_nolock;
}
+ /*
+ * Sometimes userspace doesn't give us a principal.
+ * Which is a bug, really. Anyway, we can't enforce
+ * MACH_CRED in that case, better to give up now:
+ */
+ if (!new->cl_cred.cr_principal) {
+ status = nfserr_serverfault;
+ goto out_nolock;
+ }
new->cl_mach_cred = true;
case SP4_NONE:
break;
--
2.5.0
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
