linux/net/sunrpc/auth_gss
J. Bruce Fields 3c34ae11fa nfsd: fix krb5 handling of anonymous principals
krb5 mounts started failing as of
683428fae8 "sunrpc: Update svcgss xdr
handle to rpsec_contect cache".

The problem is that mounts are usually done with some host principal
which isn't normally mapped to any user, in which case svcgssd passes
down uid -1, which the kernel is then expected to map to the
export-specific anonymous uid or gid.

The new uid_valid/gid_valid checks were therefore causing that downcall
to fail.

(Note the regression may not have been seen with older userspace that
tended to map unknown principals to an anonymous id on their own rather
than leaving it to the kernel.)

Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-03-06 10:11:08 -05:00
..
auth_gss.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
gss_generic_token.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
gss_krb5_crypto.c SUNRPC: Don't use variable length automatic arrays in kernel code 2012-03-12 13:37:16 -04:00
gss_krb5_keys.c NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls 2010-05-14 15:09:33 -04:00
gss_krb5_mech.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
gss_krb5_seal.c SUNRPC: Fix a few sparse warnings 2012-03-11 19:30:02 -04:00
gss_krb5_seqnum.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
gss_krb5_unseal.c gss_krb5: Add support for rc4-hmac encryption 2010-05-14 15:09:20 -04:00
gss_krb5_wrap.c sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer 2013-02-08 15:19:10 -05:00
gss_mech_switch.c SUNRPC: Add missing static declaration to _gss_mech_get_by_name 2013-02-01 10:13:48 -05:00
Makefile Net: sunrpc: auth_gss: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
svcauth_gss.c nfsd: fix krb5 handling of anonymous principals 2013-03-06 10:11:08 -05:00