+ if (remote) {
+ if (!mdt->mdt_opts.mo_oss_capa) {
+ CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
+ " but OSS capabilities are not enabled: %d.\n",
+ client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
+ RETURN(-EACCES);
+ }
+ } else {
+ if (req->rq_auth_uid == INVALID_UID) {
+ CDEBUG(D_SEC, "client %s -> target %s: user is not "
+ "authenticated!\n", client, obd->obd_name);
+ RETURN(-EACCES);
+ }
+ }
+
+ switch (mdt->mdt_sec_level) {
+ case LUSTRE_SEC_NONE:
+ if (!remote) {
+ mdt_init_sec_none(reply, exp);
+ break;
+ } else {
+ CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
+ "can not run under security level %d.\n",
+ client, obd->obd_name, mdt->mdt_sec_level);
+ RETURN(-EACCES);
+ }
+ case LUSTRE_SEC_REMOTE:
+ if (!remote)
+ mdt_init_sec_none(reply, exp);
+ break;
+ case LUSTRE_SEC_ALL:
+ if (!remote) {
+ reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
+ OBD_CONNECT_RMT_CLIENT_FORCE);
+ if (!mdt->mdt_opts.mo_mds_capa)
+ reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
+ if (!mdt->mdt_opts.mo_oss_capa)
+ reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
+
+ cfs_spin_lock(&exp->exp_lock);
+ exp->exp_connect_flags = reply->ocd_connect_flags;
+ cfs_spin_unlock(&exp->exp_lock);
+ }
+ break;
+ default:
+ RETURN(-EINVAL);
+ }
+
+ RETURN(rc);
+}
+
+int mdt_init_idmap(struct mdt_thread_info *info)
+{
+ struct ptlrpc_request *req = mdt_info_req(info);
+ struct mdt_export_data *med = mdt_req2med(req);
+ struct obd_export *exp = req->rq_export;
+ char *client = libcfs_nid2str(req->rq_peer.nid);
+ struct obd_device *obd = exp->exp_obd;
+ int rc = 0;
+ ENTRY;
+
+ if (exp_connect_rmtclient(exp)) {
+ cfs_mutex_lock(&med->med_idmap_mutex);