Use uid/gid of -1 to indicate the export's anonuid/anongid should be used
authorKevin Coffman <kwc@citi.umich.edu>
Sat, 8 Jul 2006 00:01:40 +0000 (10:01 +1000)
committerNeil Brown <neilb@suse.de>
Sat, 8 Jul 2006 00:01:40 +0000 (10:01 +1000)
Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export.  We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
utils/gssd/svcgssd_proc.c

index bf40bc9..7981399 100644 (file)
@@ -224,10 +224,13 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
                 * -ENOENT means there was no mapping, any other error
                 * value means there was an error trying to do the
                 * mapping.
+                * If there was no mapping, we send down the value -1
+                * to indicate that the anonuid/anongid for the export
+                * should be used.
                 */
                if (res == -ENOENT) {
-                       cred->cr_uid = 65534;   /* XXX */
-                       cred->cr_gid = 65534;   /* XXX */
+                       cred->cr_uid = -1;
+                       cred->cr_gid = -1;
                        cred->cr_ngroups = 0;
                        res = 0;
                        goto out_free;