nfsd: fix krb5 handling of anonymous principals
authorJ. Bruce Fields <bfields@redhat.com>
Mon, 4 Mar 2013 13:44:01 +0000 (08:44 -0500)
committerJ. Bruce Fields <bfields@redhat.com>
Wed, 6 Mar 2013 15:11:08 +0000 (10:11 -0500)
commit3c34ae11fac3b30629581d0bfaf80f58e82cfbfb
tree7561f10ec0905678ab822ddb176b520d037c2edb
parent6dbe51c251a327e012439c4772097a13df43c5b8
nfsd: fix krb5 handling of anonymous principals

krb5 mounts started failing as of
683428fae8c73d7d7da0fa2e0b6beb4d8df4e808 "sunrpc: Update svcgss xdr
handle to rpsec_contect cache".

The problem is that mounts are usually done with some host principal
which isn't normally mapped to any user, in which case svcgssd passes
down uid -1, which the kernel is then expected to map to the
export-specific anonymous uid or gid.

The new uid_valid/gid_valid checks were therefore causing that downcall
to fail.

(Note the regression may not have been seen with older userspace that
tended to map unknown principals to an anonymous id on their own rather
than leaving it to the kernel.)

Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
net/sunrpc/auth_gss/svcauth_gss.c