if (grp != uc->mu_fsgid) {
struct group_info *group_info = NULL;
- if (uc->mu_ginfo || (uc->mu_valid == UCRED_OLD))
+ if (uc->mu_ginfo || (uc->mu_valid == UCRED_OLD) ||
+ (!uc->mu_ginfo && !uc->mu_identity))
if ((grp == uc->mu_suppgids[0]) ||
(grp == uc->mu_suppgids[1]))
return 1;
obd->obd_namespace = m->mdt_namespace;
m->mdt_identity_cache = upcall_cache_init(obd->obd_name,
- MDT_IDENTITY_UPCALL_PATH,
+ "NONE",
&mdt_identity_upcall_cache_ops);
if (IS_ERR(m->mdt_identity_cache)) {
rc = PTR_ERR(m->mdt_identity_cache);
uc->mu_valid = UCRED_INVALID;
- /* get identity info of this user */
- identity = mdt_identity_get(mdt->mdt_identity_cache, body->fsuid);
- if (!identity) {
- CERROR("Deny access without identity: uid %d\n", body->fsuid);
- RETURN(-EACCES);
+ if (!is_identity_get_disabled(mdt->mdt_identity_cache)) {
+ /* get identity info of this user */
+ identity = mdt_identity_get(mdt->mdt_identity_cache,
+ body->fsuid);
+ if (!identity) {
+ CERROR("Deny access without identity: uid %d\n",
+ body->fsuid);
+ RETURN(-EACCES);
+ }
}
uc->mu_valid = UCRED_OLD;
uc->mu_valid = UCRED_INVALID;
- /* get identity info of this user */
- identity = mdt_identity_get(mdt->mdt_identity_cache, uc->mu_fsuid);
- if (!identity) {
- CERROR("Deny access without identity: uid %d\n", uc->mu_fsuid);
- RETURN(-EACCES);
+ if (!is_identity_get_disabled(mdt->mdt_identity_cache)) {
+ /* get identity info of this user */
+ identity = mdt_identity_get(mdt->mdt_identity_cache,
+ uc->mu_fsuid);
+ if (!identity) {
+ CERROR("Deny access without identity: uid %d\n",
+ uc->mu_fsuid);
+ RETURN(-EACCES);
+ }
}
uc->mu_valid = UCRED_OLD;
}
}
+ if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
+ if (med->med_rmtclient) {
+ CERROR("remote client must run with identity_get "
+ "enabled!\n");
+ RETURN(-EACCES);
+ } else {
+ setxid_perm |= LUSTRE_SETGRP_PERM;
+ goto check_squash;
+ }
+ }
+
identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
if (!identity) {
CERROR("Deny access without identity: uid %d\n",
GOTO(out, rc = -EACCES);
}
+check_squash:
/* FIXME: The exact behavior of root_squash is not defined. */
root_squashed = mdt_squash_root(mdt, ucred, pud, peernid);
if (!root_squashed) {