« Previous | Next » 

Revision c83849b3

IDc83849b3cf4ede85c7c7b1b7c90b20cb817b3285

Added by nthery over 5 years ago

nfs: init real/saved uid/gid in server-side credentials

When unmarshalling a request, the server constructs a ucred
structure (nfsrv_descript.nd_cr) from the credential data in the
RPC. It initializes only the effective uid and gid and leaves
the real and saved uid/gid unitialized. This effectively sets
the real/effective ids to root because nd_cr is first
bzero()'ed.

As a consequence, now that accept(2) checks real uid/gid, all
accept calls to NFS files incorrectly succeed.

Fix this by initializing the real and saved uid/gid in nd_cr to
the same values as the real uid/gid (only the real uid/gid are
RPC'ed to the server).

NOTE: accept(2) and faccessat(2) to NFS files are still broken
in part because the client sends the effective uid/gid to the
server. I'll fix this once I've groked the uid magic in the NFS
code.

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences

Review assignments Add