#include <asm/uaccess.h>
#include <linux/slab.h>
#include <asm/segment.h>
+#include <linux/random.h>
#include <linux/obd_support.h>
#include <linux/lustre_lib.h>
+#include <linux/lustre_sec.h>
#include <linux/lustre_ucache.h>
+#include <linux/lustre_gs.h>
+#include <linux/lustre_fsfilt.h>
+
#include "mds_internal.h"
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
RETURN(rc);
}
+void mds_inode2id(struct obd_device *obd, struct lustre_id *id,
+ struct inode *inode, __u64 fid)
+{
+ struct mds_obd *mds = &obd->u.mds;
+ ENTRY;
+
+ LASSERT(inode != NULL);
+ LASSERT(id != NULL);
+ LASSERT(fid != 0);
+
+ id_fid(id) = fid;
+ id_ino(id) = inode->i_ino;
+ id_group(id) = mds->mds_num;
+ id_gen(id) = inode->i_generation;
+ id_type(id) = (S_IFMT & inode->i_mode);
+
+ EXIT;
+}
+
+int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg,
+ int *offset, struct mds_body *body, struct inode *inode)
+{
+ struct crypto_key_md *md_key;
+ struct crypto_key *ckey;
+ __u32 buflen, *sizep;
+ void *buf;
+ int size, rc = 0;
+ ENTRY;
+
+ sizep = lustre_msg_buf(repmsg, (*offset)++, 4);
+ if (!sizep) {
+ CERROR("can't locate returned ckey size buf\n");
+ RETURN(-EPROTO);
+ }
+ *sizep = cpu_to_le32(sizeof(*ckey));
+
+ OBD_ALLOC(md_key, sizeof(*md_key));
+ if (!md_key)
+ RETURN(-ENOMEM);
+
+ buflen = repmsg->buflens[*offset];
+ buf = lustre_msg_buf(repmsg, (*offset)++, buflen);
+
+ size = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key),
+ EA_KEY);
+ if (size <= 0) {
+ if (size < 0)
+ CERROR("Can not get gskey from MDS ino %lu rc %d\n",
+ inode->i_ino, size);
+ GOTO(out, rc = size);
+ }
+ if (le32_to_cpu(md_key->md_magic) != MD_KEY_MAGIC) {
+ CDEBUG(D_INFO, "given match %x != magic %x\n",
+ md_key->md_magic, MD_KEY_MAGIC);
+ GOTO(out, rc = 0);
+ }
+
+ CDEBUG(D_INFO, "get key %s mac %s for ino %lu size %d \n",
+ md_key->md_ck.ck_key, md_key->md_ck.ck_mac, inode->i_ino, size);
+ ckey=(struct crypto_key*)buf;
+
+ memcpy(ckey, &md_key->md_ck, sizeof(*ckey));
+ body->valid |= OBD_MD_FLKEY;
+out:
+ OBD_FREE(md_key, sizeof(*md_key));
+ RETURN(rc);
+}
+
+static int mds_get_gskey(struct inode *inode, struct crypto_key *ckey)
+{
+ LASSERT(ckey);
+ /*tmp create gs key here*/
+ LASSERT(ckey->ck_type == MKS_TYPE);
+ get_random_bytes(ckey->ck_key, KEY_SIZE);
+ RETURN(0);
+}
+
+int mds_set_gskey(struct obd_device *obd, void *handle,
+ struct inode *inode, void *key, int key_len,
+ int valid)
+{
+ struct crypto_key_md *md_key = NULL;
+ struct crypto_key *ckey = (struct crypto_key *)key;
+ int rc = 0;
+ ENTRY;
+
+ if (!ckey)
+ RETURN(0);
+
+ LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE);
+
+ OBD_ALLOC(md_key, sizeof(*md_key));
+ if (ckey->ck_type == MKS_TYPE)
+ mds_get_gskey(inode, ckey);
+
+ rc = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key),
+ EA_KEY);
+ if (rc < 0)
+ GOTO(free, rc);
+ LASSERT(le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC ||
+ md_key->md_magic == 0);
+
+ if (le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC) {
+ CDEBUG(D_INFO, "reset key %s mac %s", md_key->md_ck.ck_mac,
+ md_key->md_ck.ck_key);
+ }
+
+ md_key->md_magic = cpu_to_le32(MD_KEY_MAGIC);
+ /*get key and mac from request buffer*/
+ if (valid & ATTR_MAC) {
+ memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE);
+ CDEBUG(D_INFO, "set mac %s for ino %lu \n",
+ md_key->md_ck.ck_mac, inode->i_ino);
+ }
+ if (valid & ATTR_KEY) {
+ memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE);
+ CDEBUG(D_INFO, "set key %s for ino %lu \n",
+ md_key->md_ck.ck_key, inode->i_ino);
+ }
+ rc = fsfilt_set_md(obd, inode, handle, md_key, sizeof(*md_key), EA_KEY);
+free:
+ if (md_key)
+ OBD_FREE(md_key, sizeof(*md_key));
+ RETURN(rc);
+}
+
+int mds_set_crypto_type(struct obd_device *obd, void *val, __u32 vallen)
+{
+ struct mds_obd *mds = &obd->u.mds;
+ ENTRY;
+ if (vallen >= strlen("mks") &&
+ memcmp(val, "mks", vallen) == 0) {
+ mds->mds_crypto_type = MKS_TYPE;
+ CDEBUG(D_IOCTL, "mks type\n");
+ }
+ if (vallen >= strlen("gks") &&
+ memcmp(val, "gks", vallen) == 0) {
+ mds->mds_crypto_type = GKS_TYPE;
+ CDEBUG(D_IOCTL, "gks type \n");
+ }
+ RETURN(0);
+}
+
/* Note that we can copy all of the fields, just some will not be "valid" */
void mds_pack_inode2body(struct obd_device *obd, struct mds_body *b,
struct inode *inode, int fid)
RETURN (-EFAULT);
r->ur_id1 = &rec->sa_id;
+ r->ur_flags = rec->sa_flags;
attr->ia_valid = rec->sa_valid;
attr->ia_mode = rec->sa_mode;
attr->ia_uid = rec->sa_uid;
LTIME_S(attr->ia_ctime) = rec->sa_ctime;
attr->ia_attr_flags = rec->sa_attr_flags;
- LASSERT_REQSWAB (req, offset + 1);
+ LASSERT_REQSWAB(req, offset + 1);
if (req->rq_reqmsg->bufcount > offset + 1) {
- r->ur_eadata = lustre_msg_buf (req->rq_reqmsg,
- offset + 1, 0);
+ r->ur_eadata = lustre_msg_buf(req->rq_reqmsg,
+ offset + 1, 0);
if (r->ur_eadata == NULL)
RETURN (-EFAULT);
r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 1];
r->ur_ea2datalen = req->rq_reqmsg->buflens[offset + 2];
}
+ if (req->rq_reqmsg->bufcount > offset + 3) {
+ r->ur_ea3data = lustre_msg_buf(req->rq_reqmsg, offset + 3, 0);
+ if (r->ur_ea3data == NULL)
+ RETURN (-EFAULT);
+
+ r->ur_ea3datalen = req->rq_reqmsg->buflens[offset + 3];
+ }
+
RETURN(0);
}
struct mds_rec_create *rec;
ENTRY;
- rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
- lustre_swab_mds_rec_create);
+ rec = lustre_swab_reqbuf(req, offset, sizeof(*rec),
+ lustre_swab_mds_rec_create);
if (rec == NULL)
RETURN (-EFAULT);
r->ur_time = rec->cr_time;
r->ur_flags = rec->cr_flags;
- LASSERT_REQSWAB (req, offset + 1);
- r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
+ LASSERT_REQSWAB(req, offset + 1);
+ r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
if (r->ur_name == NULL)
- RETURN (-EFAULT);
+ RETURN(-EFAULT);
r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
- LASSERT_REQSWAB (req, offset + 2);
+ LASSERT_REQSWAB(req, offset + 2);
if (req->rq_reqmsg->bufcount > offset + 2) {
if (S_ISLNK(r->ur_mode)) {
r->ur_tgt = lustre_msg_string(req->rq_reqmsg,
offset + 2, 0);
if (r->ur_tgt == NULL)
- RETURN (-EFAULT);
+ RETURN(-EFAULT);
r->ur_tgtlen = req->rq_reqmsg->buflens[offset + 2];
} else if (S_ISDIR(r->ur_mode) ) {
/* Stripe info for mkdir - just a 16bit integer */
CERROR("mkdir stripe info does not match "
"expected size %d vs 2\n",
req->rq_reqmsg->buflens[offset + 2]);
- RETURN (-EINVAL);
+ RETURN(-EINVAL);
}
- r->ur_eadata = lustre_swab_buf (req->rq_reqmsg,
- offset + 2, 2, __swab16s);
+ r->ur_eadata = lustre_swab_buf(req->rq_reqmsg,
+ offset + 2, 2,
+ __swab16s);
r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
} else if (S_ISREG(r->ur_mode)){
- r->ur_eadata = lustre_msg_buf (req->rq_reqmsg,
- offset + 2, 0);
+ r->ur_eadata = lustre_msg_buf(req->rq_reqmsg,
+ offset + 2, 0);
r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
} else {
/* Hm, no other users so far? */
struct mds_rec_link *rec;
ENTRY;
- rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
- lustre_swab_mds_rec_link);
+ rec = lustre_swab_reqbuf(req, offset, sizeof(*rec),
+ lustre_swab_mds_rec_link);
if (rec == NULL)
- RETURN (-EFAULT);
+ RETURN(-EFAULT);
r->ur_id1 = &rec->lk_id1;
r->ur_id2 = &rec->lk_id2;
r->ur_time = rec->lk_time;
+ r->ur_flags = rec->lk_flags;
- LASSERT_REQSWAB (req, offset + 1);
- r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
+ LASSERT_REQSWAB(req, offset + 1);
+ r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
if (r->ur_name == NULL)
- RETURN (-EFAULT);
+ RETURN(-EFAULT);
r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
RETURN(0);
}
struct mds_rec_unlink *rec;
ENTRY;
- rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
- lustre_swab_mds_rec_unlink);
+ rec = lustre_swab_reqbuf(req, offset, sizeof (*rec),
+ lustre_swab_mds_rec_unlink);
if (rec == NULL)
RETURN(-EFAULT);
r->ur_id1 = &rec->ul_id1;
r->ur_id2 = &rec->ul_id2;
r->ur_time = rec->ul_time;
+ r->ur_flags = rec->ul_flags;
- LASSERT_REQSWAB (req, offset + 1);
+ LASSERT_REQSWAB(req, offset + 1);
r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
if (r->ur_name == NULL)
RETURN(-EFAULT);
struct mds_rec_rename *rec;
ENTRY;
- rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
- lustre_swab_mds_rec_rename);
+ rec = lustre_swab_reqbuf(req, offset, sizeof (*rec),
+ lustre_swab_mds_rec_rename);
if (rec == NULL)
RETURN(-EFAULT);
r->ur_id1 = &rec->rn_id1;
r->ur_id2 = &rec->rn_id2;
r->ur_time = rec->rn_time;
+ r->ur_flags = rec->rn_flags;
- LASSERT_REQSWAB (req, offset + 1);
+ LASSERT_REQSWAB(req, offset + 1);
r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
if (r->ur_name == NULL)
RETURN(-EFAULT);
r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
- LASSERT_REQSWAB (req, offset + 2);
+ LASSERT_REQSWAB(req, offset + 2);
r->ur_tgt = lustre_msg_string(req->rq_reqmsg, offset + 2, 0);
if (r->ur_tgt == NULL)
RETURN(-EFAULT);
struct mds_rec_create *rec;
ENTRY;
- rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
- lustre_swab_mds_rec_create);
+ rec = lustre_swab_reqbuf(req, offset, sizeof (*rec),
+ lustre_swab_mds_rec_create);
if (rec == NULL)
RETURN(-EFAULT);
r->ur_rdev = rec->cr_rdev;
r->ur_time = rec->cr_time;
r->ur_flags = rec->cr_flags;
+ r->ur_ioepoch = rec->cr_ioepoch;
- LASSERT_REQSWAB (req, offset + 1);
- r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
+ LASSERT_REQSWAB(req, offset + 1);
+ r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
+
if (r->ur_name == NULL)
- RETURN (-EFAULT);
+ RETURN(-EFAULT);
r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
- LASSERT_REQSWAB (req, offset + 2);
+ LASSERT_REQSWAB(req, offset + 2);
if (req->rq_reqmsg->bufcount > offset + 2) {
r->ur_eadata = lustre_msg_buf(req->rq_reqmsg, offset + 2, 0);
if (r->ur_eadata == NULL)
RETURN(-EFAULT);
r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
}
+
+ if (rec->cr_flags & MDS_OPEN_HAS_KEY) {
+ LASSERT(req->rq_reqmsg->bufcount > offset + 3);
+ r->ur_ea2data = lustre_msg_buf(req->rq_reqmsg, offset + 3, 0);
+ r->ur_ea2datalen = req->rq_reqmsg->buflens[offset + 3];
+ }
RETURN(0);
}
int rc;
ENTRY;
- /*
- * NB don't lustre_swab_reqbuf() here. We're just taking a peek and we
+ /* NB don't lustre_swab_reqbuf() here. We're just taking a peek and we
* want to leave it to the specific unpacker once we've identified the
- * message type.
- */
- opcodep = lustre_msg_buf (req->rq_reqmsg, offset, sizeof(*opcodep));
+ * message type. */
+ opcodep = lustre_msg_buf(req->rq_reqmsg, offset, sizeof(*opcodep));
if (opcodep == NULL)
RETURN(-EFAULT);
opcode = *opcodep;
- if (lustre_msg_swabbed (req->rq_reqmsg))
- __swab32s (&opcode);
+ if (lustre_msg_swabbed(req->rq_reqmsg))
+ __swab32s(&opcode);
if (opcode > REINT_MAX ||
mds_unpackers[opcode] == NULL) {
- CERROR ("Unexpected opcode %d\n", opcode);
+ CERROR("Unexpected opcode %d\n", opcode);
RETURN(-EFAULT);
}
RETURN(rc);
}
+/*
+ * here we take simple rule: once uid/fsuid is root, we also squash
+ * the gid/fsgid, don't care setuid/setgid attributes.
+ */
+static
+int mds_squash_root(struct mds_obd *mds, struct mds_req_sec_desc *rsd,
+ ptl_nid_t *peernid)
+{
+ if (!mds->mds_squash_uid || *peernid == mds->mds_nosquash_nid)
+ return 0;
+
+ if (rsd->rsd_uid && rsd->rsd_fsuid)
+ return 0;
+
+ CDEBUG(D_SEC, "squash req from "LPX64":"
+ "(%u:%u-%u:%u/%x)=>(%u:%u-%u:%u/%x)\n", *peernid,
+ rsd->rsd_uid, rsd->rsd_gid,
+ rsd->rsd_fsuid, rsd->rsd_fsgid, rsd->rsd_cap,
+ rsd->rsd_uid ? rsd->rsd_uid : mds->mds_squash_uid,
+ rsd->rsd_uid ? rsd->rsd_gid : mds->mds_squash_gid,
+ rsd->rsd_fsuid ? rsd->rsd_fsuid : mds->mds_squash_uid,
+ rsd->rsd_fsuid ? rsd->rsd_fsgid : mds->mds_squash_gid,
+ rsd->rsd_cap & ~CAP_FS_MASK);
+
+ if (rsd->rsd_uid == 0) {
+ rsd->rsd_uid = mds->mds_squash_uid;
+ rsd->rsd_gid = mds->mds_squash_gid;
+ }
+ if (rsd->rsd_fsuid == 0) {
+ rsd->rsd_fsuid = mds->mds_squash_uid;
+ rsd->rsd_fsgid = mds->mds_squash_gid;
+ }
+ rsd->rsd_cap &= ~CAP_FS_MASK;
+
+ return 1;
+}
+
/********************************
* MDS uid/gid mapping handling *
********************************/
EXIT;
}
+/*
+ * return error if can't find mapping, it's a error so should not
+ * fall into nllu/nllg.
+ */
+int mds_remote_perm_do_reverse_map(struct mds_export_data *med,
+ struct mds_remote_perm *perm)
+{
+ uid_t uid;
+ gid_t gid;
+
+ LASSERT(med->med_remote);
+
+ uid = mds_idmap_lookup_uid(med->med_idmap, 1, perm->mrp_auth_uid);
+ if (uid == MDS_IDMAP_NOTFOUND) {
+ CERROR("no map for uid %u\n", perm->mrp_auth_uid);
+ return -EPERM;
+ }
+ gid = mds_idmap_lookup_gid(med->med_idmap, 1, perm->mrp_auth_gid);
+ if (gid == MDS_IDMAP_NOTFOUND) {
+ CERROR("no map for uid %u\n", perm->mrp_auth_uid);
+ return -EPERM;
+ }
+
+ perm->mrp_auth_uid = uid;
+ perm->mrp_auth_gid = gid;
+ return 0;
+}
+
/**********************
* MDS ucred handling *
**********************/
* root could set any group_info if we allowed setgroups, while
* normal user only could 'reduce' their group members -- which
* is somewhat expensive.
+ *
+ * authenticated as mds user (using mds service credential) could
+ * bypass all checkings.
*/
int mds_init_ucred(struct lvfs_ucred *ucred,
struct ptlrpc_request *req,
LASSERT(rsd);
LASSERT(rsd->rsd_ngroups <= LUSTRE_MAX_GROUPS);
- /* XXX We'v no dedicated bits indicating whether GSS is used,
- * and authenticated/mapped uid is valid. currently we suppose
- * gss must initialize rq_sec_svcdata.
- */
- if (req->rq_sec_svcdata && req->rq_auth_uid == -1) {
+ if (SEC_FLAVOR_MAJOR(req->rq_req_secflvr) == PTLRPCS_FLVR_MAJOR_GSS &&
+ (SEC_FLAVOR_SVC(req->rq_req_secflvr) == PTLRPCS_SVC_AUTH ||
+ SEC_FLAVOR_SVC(req->rq_req_secflvr) == PTLRPCS_SVC_PRIV))
+ strong_sec = 1;
+ else
+ strong_sec = 0;
+
+ LASSERT(!(req->rq_remote_realm && !strong_sec));
+
+ if (strong_sec && req->rq_auth_uid == -1) {
CWARN("user not authenticated, deny access\n");
RETURN(-EPERM);
}
- strong_sec = (req->rq_auth_uid != -1);
- LASSERT(!(req->rq_remote_realm && !strong_sec));
-
- /* if we use strong authentication for a local client, we
- * expect the uid which client claimed is true.
+ /* sanity check: if we use strong authentication, we expect the
+ * uid which client claimed is true.
+ * not apply to special mds user .
*/
- if (!med->med_remote && strong_sec &&
- req->rq_auth_uid != rsd->rsd_uid) {
- CWARN("nid "LPX64": UID %u was authenticated while client "
- "claimed %u, enforce to be %u\n",
- peernid, req->rq_auth_uid, rsd->rsd_uid,
- req->rq_auth_uid);
- if (rsd->rsd_uid != rsd->rsd_fsuid)
- rsd->rsd_uid = req->rq_auth_uid;
- else
- rsd->rsd_uid = rsd->rsd_fsuid = req->rq_auth_uid;
- }
+ if (!req->rq_auth_usr_mds && strong_sec) {
+ if (!med->med_remote) {
+ if (req->rq_auth_uid != rsd->rsd_uid) {
+ CERROR("local client "LPU64": auth uid %u "
+ "while client claim %u:%u/%u:%u\n",
+ peernid, req->rq_auth_uid,
+ rsd->rsd_uid, rsd->rsd_gid,
+ rsd->rsd_fsuid, rsd->rsd_fsgid);
+ RETURN(-EPERM);
+ }
+ } else {
+ if (req->rq_mapped_uid == MDS_IDMAP_NOTFOUND) {
+ CWARN("no mapping found, deny\n");
+ RETURN(-EPERM);
+ }
- if (med->med_remote) {
- int rc;
+ if (mds_req_secdesc_do_map(med, rsd))
+ RETURN(-EPERM);
- if (req->rq_mapped_uid == MDS_IDMAP_NOTFOUND) {
- CWARN("no mapping found, deny\n");
- RETURN(-EPERM);
+ if (req->rq_mapped_uid != rsd->rsd_uid) {
+ CERROR("remote client "LPU64": auth uid %u "
+ "while client claim %u:%u/%u:%u\n",
+ peernid, req->rq_auth_uid,
+ rsd->rsd_uid, rsd->rsd_gid,
+ rsd->rsd_fsuid, rsd->rsd_fsgid);
+ RETURN(-EPERM);
+ }
}
-
- rc = mds_req_secdesc_do_map(med, rsd);
- if (rc)
- RETURN(rc);
}
- /* now lsd come into play */
+ /* now LSD come into play */
ucred->luc_ginfo = NULL;
ucred->luc_lsd = lsd = mds_get_lsd(rsd->rsd_uid);
RETURN(-EPERM);
}
- /* find out the setuid/setgid attempt */
- setuid = (rsd->rsd_uid != rsd->rsd_fsuid);
- setgid = (rsd->rsd_gid != rsd->rsd_fsgid ||
- rsd->rsd_gid != lsd->lsd_gid);
-
lsd_perms = mds_lsd_get_perms(lsd, med->med_remote, 0, peernid);
- /* check permission of setuid */
- if (setuid && !(lsd_perms & LSD_PERM_SETUID)) {
- CWARN("mds blocked setuid attempt (%u -> %u) from "LPU64"\n",
- rsd->rsd_uid, rsd->rsd_fsuid, peernid);
- RETURN(-EPERM);
- }
+ /* check setuid/setgid permissions.
+ * again not apply to special mds user.
+ */
+ if (!req->rq_auth_usr_mds) {
+ /* find out the setuid/setgid attempt */
+ setuid = (rsd->rsd_uid != rsd->rsd_fsuid);
+ setgid = (rsd->rsd_gid != rsd->rsd_fsgid ||
+ rsd->rsd_gid != lsd->lsd_gid);
+
+ /* check permission of setuid */
+ if (setuid && !(lsd_perms & LSD_PERM_SETUID)) {
+ CWARN("mds blocked setuid attempt (%u -> %u) "
+ "from "LPU64"\n", rsd->rsd_uid, rsd->rsd_fsuid,
+ peernid);
+ RETURN(-EPERM);
+ }
- /* check permission of setgid */
- if (setgid && !(lsd_perms & LSD_PERM_SETGID)) {
- CWARN("mds blocked setgid attempt (%u/%u -> %u) from "LPU64"\n",
- rsd->rsd_gid, rsd->rsd_fsgid, lsd->lsd_gid, peernid);
- RETURN(-EPERM);
+ /* check permission of setgid */
+ if (setgid && !(lsd_perms & LSD_PERM_SETGID)) {
+ CWARN("mds blocked setgid attempt (%u:%u/%u:%u -> %u) "
+ "from "LPU64"\n", rsd->rsd_uid, rsd->rsd_gid,
+ rsd->rsd_fsuid, rsd->rsd_fsgid, lsd->lsd_gid,
+ peernid);
+ RETURN(-EPERM);
+ }
}
root_squashed = mds_squash_root(mds, rsd, &peernid);
rsd->rsd_cap &= ~CAP_FS_MASK;
/* by now every fields other than groups in rsd have been granted */
+ ucred->luc_nid = peernid;
ucred->luc_uid = rsd->rsd_uid;
ucred->luc_gid = rsd->rsd_gid;
ucred->luc_fsuid = rsd->rsd_fsuid;
ucred->luc_fsgid = rsd->rsd_fsgid;
ucred->luc_cap = rsd->rsd_cap;
- /* don't use any supplementary group for remote client or
- * we squashed root */
- if (med->med_remote || root_squashed)
+ /* don't use any supplementary group if we squashed root.
+ * XXX The exact behavior of root_squash is not defined, we just
+ * keep the reminder here */
+ if (root_squashed)
RETURN(0);
/* install groups from LSD */
get_group_info(ucred->luc_ginfo);
}
- /* everything is done if we don't allow setgroups */
- if (!(lsd_perms & LSD_PERM_SETGRP))
+ /* everything is done if we don't allow setgroups, or it is
+ * from remote client (which implies forced to be no-setgroups).
+ *
+ * Note: remote user's supplementary groups sent along the request
+ * (if any) are all ignored, but we make the mapped local user's
+ * supplementary groups take effect.
+ */
+ if (med->med_remote || !(lsd_perms & LSD_PERM_SETGRP))
RETURN(0);
/* root could set any groups as he want (if allowed), normal
drop_ucred_lsd(ucred);
EXIT;
}
+