2023-04-01 20:30:46

by Dai Ngo

[permalink] [raw]
Subject: [PATCH] NFSD: callback request does not use correct credential for AUTH_SYS

Currently callback request does not use the credential specified in
CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.

Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
DELEG5 st_delegation.testCBSecParms : FAILURE
expected callback with uid, gid == 17, 19, got 0, 0

Signed-off-by: Dai Ngo <[email protected]>
---
fs/nfsd/nfs4callback.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 2a815f5a52c4..4039ffcf90ba 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
if (!kcred)
return NULL;

- kcred->uid = ses->se_cb_sec.uid;
- kcred->gid = ses->se_cb_sec.gid;
+ kcred->fsuid = ses->se_cb_sec.uid;
+ kcred->fsgid = ses->se_cb_sec.gid;
return kcred;
}
}
--
2.9.5


2023-04-02 15:15:55

by Chuck Lever III

[permalink] [raw]
Subject: Re: [PATCH] NFSD: callback request does not use correct credential for AUTH_SYS



> On Apr 1, 2023, at 4:22 PM, Dai Ngo <[email protected]> wrote:
>
> Currently callback request does not use the credential specified in
> CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
>
> Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> DELEG5 st_delegation.testCBSecParms : FAILURE
> expected callback with uid, gid == 17, 19, got 0, 0
>
> Signed-off-by: Dai Ngo <[email protected]>

Does

Fixes: 8276c902bbe9 ("SUNRPC: remove uid and gid from struct auth_cred")

sound OK to everyone?


> ---
> fs/nfsd/nfs4callback.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> index 2a815f5a52c4..4039ffcf90ba 100644
> --- a/fs/nfsd/nfs4callback.c
> +++ b/fs/nfsd/nfs4callback.c
> @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
> if (!kcred)
> return NULL;
>
> - kcred->uid = ses->se_cb_sec.uid;
> - kcred->gid = ses->se_cb_sec.gid;
> + kcred->fsuid = ses->se_cb_sec.uid;
> + kcred->fsgid = ses->se_cb_sec.gid;
> return kcred;
> }
> }
> --
> 2.9.5
>

--
Chuck Lever


2023-04-03 00:38:27

by NeilBrown

[permalink] [raw]
Subject: Re: [PATCH] NFSD: callback request does not use correct credential for AUTH_SYS

On Mon, 03 Apr 2023, Chuck Lever III wrote:
>
> > On Apr 1, 2023, at 4:22 PM, Dai Ngo <[email protected]> wrote:
> >
> > Currently callback request does not use the credential specified in
> > CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
> >
> > Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> > DELEG5 st_delegation.testCBSecParms : FAILURE
> > expected callback with uid, gid == 17, 19, got 0, 0
> >
> > Signed-off-by: Dai Ngo <[email protected]>
>
> Does
>
> Fixes: 8276c902bbe9 ("SUNRPC: remove uid and gid from struct auth_cred")
>
> sound OK to everyone?

Yes, that looks right to me. Thanks.

NeilBrown

>
>
> > ---
> > fs/nfsd/nfs4callback.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> > index 2a815f5a52c4..4039ffcf90ba 100644
> > --- a/fs/nfsd/nfs4callback.c
> > +++ b/fs/nfsd/nfs4callback.c
> > @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
> > if (!kcred)
> > return NULL;
> >
> > - kcred->uid = ses->se_cb_sec.uid;
> > - kcred->gid = ses->se_cb_sec.gid;
> > + kcred->fsuid = ses->se_cb_sec.uid;
> > + kcred->fsgid = ses->se_cb_sec.gid;
> > return kcred;
> > }
> > }
> > --
> > 2.9.5
> >
>
> --
> Chuck Lever
>
>
>

2023-04-04 11:04:57

by Jeff Layton

[permalink] [raw]
Subject: Re: [PATCH] NFSD: callback request does not use correct credential for AUTH_SYS

On Sat, 2023-04-01 at 13:22 -0700, Dai Ngo wrote:
> Currently callback request does not use the credential specified in
> CREATE_SESSION if the security flavor for the back channel is AUTH_SYS.
>
> Problem was discovered by pynfs 4.1 DELEG5 and DELEG7 test with error:
> DELEG5 st_delegation.testCBSecParms : FAILURE
> expected callback with uid, gid == 17, 19, got 0, 0
>
> Signed-off-by: Dai Ngo <[email protected]>
> ---
> fs/nfsd/nfs4callback.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
> index 2a815f5a52c4..4039ffcf90ba 100644
> --- a/fs/nfsd/nfs4callback.c
> +++ b/fs/nfsd/nfs4callback.c
> @@ -946,8 +946,8 @@ static const struct cred *get_backchannel_cred(struct nfs4_client *clp, struct r
> if (!kcred)
> return NULL;
>
> - kcred->uid = ses->se_cb_sec.uid;
> - kcred->gid = ses->se_cb_sec.gid;
> + kcred->fsuid = ses->se_cb_sec.uid;
> + kcred->fsgid = ses->se_cb_sec.gid;
> return kcred;
> }
> }

Reviewed-by: Jeff Layton <[email protected]>