- /* sanity check: we expect the uid which client claimed is true */
- if (remote) {
- if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
- CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
- RETURN(-EACCES);
- }
-
- if (ptlrpc_user_desc_do_idmap(req, pud))
- RETURN(-EACCES);
-
- if (req->rq_auth_mapped_uid != pud->pud_uid) {
- CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
- "while client claims %u:%u/%u:%u\n",
- libcfs_nid2str(peernid), req->rq_auth_uid,
- req->rq_auth_mapped_uid,
- pud->pud_uid, pud->pud_gid,
- pud->pud_fsuid, pud->pud_fsgid);
- RETURN(-EACCES);
- }
- } else {
- if (req->rq_auth_uid != pud->pud_uid) {
- CDEBUG(D_SEC, "local client %s: auth uid %u "
- "while client claims %u:%u/%u:%u\n",
- libcfs_nid2str(peernid), req->rq_auth_uid,
- pud->pud_uid, pud->pud_gid,
- pud->pud_fsuid, pud->pud_fsgid);
- RETURN(-EACCES);
- }
- }
+ if (!flvr_is_rootonly(req->rq_flvr.sf_rpc) &&
+ req->rq_auth_uid != pud->pud_uid) {
+ CDEBUG(D_SEC, "local client %s: auth uid %u "
+ "while client claims %u:%u/%u:%u\n",
+ libcfs_nid2str(peernid), req->rq_auth_uid,
+ pud->pud_uid, pud->pud_gid,
+ pud->pud_fsuid, pud->pud_fsgid);
+ RETURN(-EACCES);
+ }