[patch 1/1] Use uid/gid of -1 to indicate the export's
anonuid/anongid should be used
Kevin Coffman
kwc at citi.umich.edu
Thu Jul 6 10:28:15 EDT 2006
Hi Neil,
Bruce found the kernel code that indicates svcgssd should pass down
(uid_t)-1 if a name mapping cannot be found. The kernel will
interpret this to mean, "use the correct anonuid for this export".
---
Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>
Acked-by: J. Bruce Fields <bfields at fieldses.org>
Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export. We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields at fieldses.org> for the reference.
---
nfs-utils-git-kwc/utils/gssd/svcgssd_proc.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff -puN utils/gssd/svcgssd_proc.c~svcgssd_anonuid utils/gssd/svcgssd_proc.c
--- nfs-utils-git/utils/gssd/svcgssd_proc.c~svcgssd_anonuid
2006-07-06 10:11:48.000000000 -0400
+++ nfs-utils-git-kwc/utils/gssd/svcgssd_proc.c 2006-07-06
10:13:59.000000000 -0400
@@ -224,10 +224,13 @@ get_ids(gss_name_t client_name, gss_OID
* -ENOENT means there was no mapping, any other error
* value means there was an error trying to do the
* mapping.
+ * If there was no mapping, we send down the value -1
+ * to indicate that the anonuid/anongid for the export
+ * should be used.
*/
if (res == -ENOENT) {
- cred->cr_uid = 65534; /* XXX */
- cred->cr_gid = 65534; /* XXX */
+ cred->cr_uid = -1;
+ cred->cr_gid = -1;
cred->cr_ngroups = 0;
res = 0;
goto out_free;
_
More information about the NFSv4
mailing list