])
])
+# 3.4 introduced process namespace
+AC_DEFUN([LIBCFS_PROCESS_NAMESPACE],[
+LB_CHECK_LINUX_HEADER([linux/uidgid.h], [
+ AC_DEFINE(HAVE_UIDGID_HEADER, 1, [uidgid.h is present])
+])
+])
+
#
# FC18 3.7.2-201 unexport sock_map_fd() change to
# use sock_alloc_file().
LC_SHRINK_CONTROL
# 3.0
LIBCFS_STACKTRACE_WARNING
+# 3.4
+LIBCFS_PROCESS_NAMESPACE
# 3.7
LIBCFS_SOCK_ALLOC_FILE
# 3.8
#ifndef __LIBCFS_CURPROC_H__
#define __LIBCFS_CURPROC_H__
+#if !defined(HAVE_UIDGID_HEADER) || !defined(__KERNEL__)
+
+typedef uid_t kuid_t;
+typedef gid_t kgid_t;
+
+#define INVALID_UID -1
+#define INVALID_GID -1
+
+#ifndef __KERNEL__
+struct user_namespace {
+ unsigned int pad;
+};
+
+extern struct user_namespace init_user_ns;
+#endif
+
+static inline uid_t __kuid_val(kuid_t uid)
+{
+ return uid;
+}
+
+static inline gid_t __kgid_val(kgid_t gid)
+{
+ return gid;
+}
+
+static inline kuid_t make_kuid(struct user_namespace *from, uid_t uid)
+{
+ return uid;
+}
+
+static inline kgid_t make_kgid(struct user_namespace *from, gid_t gid)
+{
+ return gid;
+}
+
+static inline uid_t from_kuid(struct user_namespace *to, kuid_t uid)
+{
+ return uid;
+}
+
+static inline gid_t from_kgid(struct user_namespace *to, kgid_t gid)
+{
+ return gid;
+}
+
+static inline bool uid_eq(kuid_t left, kuid_t right)
+{
+ return left == right;
+}
+
+static inline bool uid_valid(kuid_t uid)
+{
+ return (uid != INVALID_UID);
+}
+
+static inline bool gid_valid(kgid_t gid)
+{
+ return (gid != INVALID_GID);
+}
+#endif
+
int cfs_get_environ(const char *key, char *value, int *val_len);
typedef __u32 cfs_cap_t;
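Review bot: In the fallback block, `INVALID_UID` and `INVALID_GID` expand to a bare `-1`, an int constant, so `uid_valid()` and `gid_valid()` rely on an implicit signed-to-unsigned conversion when comparing against `kuid_t`/`kgid_t`. Typed, parenthesised definitions state the intent and avoid sign-compare warnings: `#define INVALID_UID ((uid_t)-1)` and `#define INVALID_GID ((gid_t)-1)`. The block also needs a short header comment saying that these shims ignore the `struct user_namespace *` argument and treat ids as plain integers. That is only equivalent to the kernel API when every conversion uses the initial namespace, as the callers in this commit do.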
#ifdef HAVE_LINUX_RANDOM_H
#include <linux/random.h>
#endif
-
+#ifdef HAVE_UIDGID_HEADER
+#include <linux/uidgid.h>
+#endif
+#include <linux/user_namespace.h>
#include <linux/miscdevice.h>
#include <libcfs/linux/portals_compat25.h>
#include <asm/div64.h>
#endif
}
+struct user_namespace init_user_ns __read_mostly;
+EXPORT_SYMBOL(init_user_ns);
+
void cfs_cap_raise(cfs_cap_t cap) {}
void cfs_cap_lower(cfs_cap_t cap) {}
struct cfs_psdev_file pfile;
int rc = 0;
- if (current_fsuid() != 0)
+ if (!capable(CAP_SYS_ADMIN))
return -EACCES;
if ( _IOC_TYPE(cmd) != IOC_LIBCFS_TYPE ||
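Review bot: The new gate calls `capable(CAP_SYS_ADMIN)` directly, while other privilege checks visible in this commit go through the portability wrapper, for example `cfs_capable(CFS_CAP_SYS_ADMIN)` in the Q_GETQUOTA hunk; if the wrapper is usable in this file, `if (!cfs_capable(CFS_CAP_SYS_ADMIN))` would be consistent. Replacing the fsuid comparison with a capability check also changes who may issue these ioctls rather than only converting a type, so a comment such as `/* ioctls are privileged: require CAP_SYS_ADMIN rather than fsuid 0 */` would record the intent. A failed capability check conventionally returns `-EPERM`; the `-EACCES` kept from the old code may be deliberate for compatibility, but that is worth confirming. The enclosing function starts and ends outside the hunk.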
}
#endif
+struct user_namespace init_user_ns __read_mostly;
+EXPORT_SYMBOL(init_user_ns);
+
uid_t current_uid(void)
{
return getuid();
/* journal_info */ NULL
};
+struct user_namespace init_user_ns __read_mostly;
+EXPORT_SYMBOL(init_user_ns);
uid_t current_uid(void)
{
op_data->op_cli_flags |= CLI_SET_MEA;
err = md_create(sbi->ll_md_exp, op_data, lump, sizeof(*lump), mode,
- current_fsuid(), current_fsgid(),
+ from_kuid(&init_user_ns, current_fsuid()),
+ from_kgid(&init_user_ns, current_fsgid()),
cfs_curproc_cap_pack(), 0, &request);
ll_finish_md_op_data(op_data);
if (err)
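Review bot: Nothing in the visible lines explains why `from_kuid(&init_user_ns, current_fsuid())` converts against the initial namespace rather than the caller's. The same pattern recurs in most later hunks: the `op_data->op_fsuid` assignments, the `pud_*` and `ucred` fills, and the reint record packing. With `&init_user_ns` the ids placed in the request are the global ones, so a process inside another user namespace is presented to the server under its host-side uid and gid; that looks intended, but it is an assumption worth stating once. I would add a comment at the compat definitions or at this first use, for example `/* ids sent on the wire are always init_user_ns values; user namespaces are not translated */`. The enclosing function starts and ends outside the hunk.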
RETURN(-EPERM);
break;
case Q_GETQUOTA:
- if (((type == USRQUOTA && current_euid() != id) ||
- (type == GRPQUOTA && !in_egroup_p(id))) &&
+ if (((type == USRQUOTA &&
+ !uid_eq(current_euid(), make_kuid(&init_user_ns, id))) ||
+ (type == GRPQUOTA &&
+ !in_egroup_p(make_kgid(&init_user_ns, id)))) &&
(!cfs_capable(CFS_CAP_SYS_ADMIN) ||
sbi->ll_flags & LL_SBI_RMT_CLIENT))
RETURN(-EPERM);
attr->ia_mode = hui->hui_mode & (S_IRWXU | S_IRWXG | S_IRWXO);
attr->ia_mode |= S_IFREG;
- attr->ia_uid = hui->hui_uid;
- attr->ia_gid = hui->hui_gid;
+ attr->ia_uid = make_kuid(&init_user_ns, hui->hui_uid);
+ attr->ia_gid = make_kgid(&init_user_ns, hui->hui_gid);
attr->ia_size = hui->hui_size;
attr->ia_mtime.tv_sec = hui->hui_mtime;
attr->ia_mtime.tv_nsec = hui->hui_mtime_ns;
/* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
if (attr->ia_valid & TIMES_SET_FLAGS) {
- if (current_fsuid() != inode->i_uid &&
+ if ((!uid_eq(current_fsuid(), inode->i_uid)) &&
!cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
inode->i_blkbits = inode->i_sb->s_blocksize_bits;
}
if (body->valid & OBD_MD_FLUID)
- inode->i_uid = body->uid;
+ inode->i_uid = make_kuid(&init_user_ns, body->uid);
if (body->valid & OBD_MD_FLGID)
- inode->i_gid = body->gid;
+ inode->i_gid = make_kgid(&init_user_ns, body->gid);
if (body->valid & OBD_MD_FLFLAGS)
inode->i_flags = ll_ext_to_inode_flags(body->flags);
if (body->valid & OBD_MD_FLNLINK)
{
struct ll_sb_info *sbi = ll_i2sbi(inode);
- CDEBUG(D_SEC, "flush context for user %d\n", current_uid());
+ CDEBUG(D_SEC, "flush context for user %d\n",
+ from_kuid(&init_user_ns, current_uid()));
obd_set_info_async(NULL, sbi->ll_md_exp,
sizeof(KEY_FLUSH_CTX), KEY_FLUSH_CTX,
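Review bot: The added `CDEBUG` line keeps `%d` although `from_kuid()` returns a `uid_t`, which is unsigned; `"flush context for user %u\n"` would match the argument. The jobid hunk later in this commit already formats the same conversion with `%s.%u`, so this would also make the two consistent. The enclosing function continues outside the hunk.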
op_data->op_namelen = namelen;
op_data->op_mode = mode;
op_data->op_mod_time = cfs_time_current_sec();
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
op_data->op_bias = 0;
op_data->op_cli_flags = 0;
sbi->ll_stats_track_id == current->parent->pid)
lprocfs_counter_add(sbi->ll_stats, op, count);
else if (sbi->ll_stats_track_type == STATS_TRACK_GID &&
- sbi->ll_stats_track_id == current_gid())
+ sbi->ll_stats_track_id ==
+ from_kgid(&init_user_ns, current_gid()))
lprocfs_counter_add(sbi->ll_stats, op, count);
}
EXPORT_SYMBOL(ll_stats_ops_tally);
__u32 ll_i2suppgid(struct inode *i)
{
if (in_group_p(i->i_gid))
- return (__u32)i->i_gid;
+ return (__u32)from_kgid(&init_user_ns, i->i_gid);
else
- return (__u32)(-1);
+ return (__u32) __kgid_val(INVALID_GID);
}
/* Pack the required supplementary groups into the supplied groups array.
* array in case it might be useful. Not needed if doing an MDS-side upcall. */
void ll_i2gids(__u32 *suppgids, struct inode *i1, struct inode *i2)
{
-#if 0
- int i;
-#endif
-
- LASSERT(i1 != NULL);
- LASSERT(suppgids != NULL);
-
- suppgids[0] = ll_i2suppgid(i1);
+ LASSERT(i1 != NULL);
+ LASSERT(suppgids != NULL);
- if (i2)
- suppgids[1] = ll_i2suppgid(i2);
- else
- suppgids[1] = -1;
+ suppgids[0] = ll_i2suppgid(i1);
-#if 0
- for (i = 0; i < current_ngroups; i++) {
- if (suppgids[0] == -1) {
- if (current_groups[i] != suppgids[1])
- suppgids[0] = current_groups[i];
- continue;
- }
- if (suppgids[1] == -1) {
- if (current_groups[i] != suppgids[0])
- suppgids[1] = current_groups[i];
- continue;
- }
- break;
- }
-#endif
+ if (i2)
+ suppgids[1] = ll_i2suppgid(i2);
+ else
+ suppgids[1] = -1;
}
/*
GOTO(err_exit, err = PTR_ERR(op_data));
err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
- current_fsuid(), current_fsgid(),
+ from_kuid(&init_user_ns, current_fsuid()),
+ from_kgid(&init_user_ns, current_fsgid()),
cfs_curproc_cap_pack(), rdev, &request);
ll_finish_md_op_data(op_data);
if (err)
if (!lli->lli_remote_perms)
RETURN(-ENOENT);
- head = lli->lli_remote_perms + remote_perm_hashfunc(current_uid());
+ head = lli->lli_remote_perms +
+ remote_perm_hashfunc(from_kuid(&init_user_ns, current_uid()));
spin_lock(&lli->lli_lock);
cfs_hlist_for_each_entry(lrp, node, head, lrp_list) {
- if (lrp->lrp_uid != current_uid())
+ if (lrp->lrp_uid != from_kuid(&init_user_ns, current_uid()))
continue;
- if (lrp->lrp_gid != current_gid())
+ if (lrp->lrp_gid != from_kgid(&init_user_ns, current_gid()))
continue;
- if (lrp->lrp_fsuid != current_fsuid())
+ if (lrp->lrp_fsuid != from_kuid(&init_user_ns, current_fsuid()))
continue;
- if (lrp->lrp_fsgid != current_fsgid())
+ if (lrp->lrp_fsgid != from_kgid(&init_user_ns, current_fsgid()))
continue;
found = 1;
break;
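Review bot: The four `from_kuid()`/`from_kgid()` conversions are re-evaluated for every hash entry while `lli->lli_lock` is held, and the uid is converted a fifth time for `remote_perm_hashfunc()`. Converting each credential once before `spin_lock()` keeps the critical section short and makes the comparisons easier to read; the declarations would sit with the function's other locals. The function starts and ends outside the hunk.

```c
uid_t uid = from_kuid(&init_user_ns, current_uid());
gid_t gid = from_kgid(&init_user_ns, current_gid());
uid_t fsuid = from_kuid(&init_user_ns, current_fsuid());
gid_t fsgid = from_kgid(&init_user_ns, current_fsgid());

/* … unchanged: lli_remote_perms NULL check … */
head = lli->lli_remote_perms + remote_perm_hashfunc(uid);
spin_lock(&lli->lli_lock);
cfs_hlist_for_each_entry(lrp, node, head, lrp_list) {
	if (lrp->lrp_uid != uid)
		continue;
	if (lrp->lrp_gid != gid)
		continue;
	if (lrp->lrp_fsuid != fsuid)
		continue;
	if (lrp->lrp_fsgid != fsgid)
		continue;
	/* … unchanged: found = 1; break; … */
```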
static int vvp_attr_get(const struct lu_env *env, struct cl_object *obj,
struct cl_attr *attr)
{
- struct inode *inode = ccc_object_inode(obj);
-
- /*
- * lov overwrites most of these fields in
- * lov_attr_get()->...lov_merge_lvb_kms(), except when inode
- * attributes are newer.
- */
-
- attr->cat_size = i_size_read(inode);
- attr->cat_mtime = LTIME_S(inode->i_mtime);
- attr->cat_atime = LTIME_S(inode->i_atime);
- attr->cat_ctime = LTIME_S(inode->i_ctime);
- attr->cat_blocks = inode->i_blocks;
- attr->cat_uid = inode->i_uid;
- attr->cat_gid = inode->i_gid;
- /* KMS is not known by this layer */
- return 0; /* layers below have to fill in the rest */
+ struct inode *inode = ccc_object_inode(obj);
+
+ /*
+ * lov overwrites most of these fields in
+ * lov_attr_get()->...lov_merge_lvb_kms(), except when inode
+ * attributes are newer.
+ */
+
+ attr->cat_size = i_size_read(inode);
+ attr->cat_mtime = LTIME_S(inode->i_mtime);
+ attr->cat_atime = LTIME_S(inode->i_atime);
+ attr->cat_ctime = LTIME_S(inode->i_ctime);
+ attr->cat_blocks = inode->i_blocks;
+ attr->cat_uid = from_kuid(&init_user_ns, inode->i_uid);
+ attr->cat_gid = from_kgid(&init_user_ns, inode->i_gid);
+ /* KMS is not known by this layer */
+ return 0; /* layers below have to fill in the rest */
}
static int vvp_attr_set(const struct lu_env *env, struct cl_object *obj,
const struct cl_attr *attr, unsigned valid)
{
- struct inode *inode = ccc_object_inode(obj);
-
- if (valid & CAT_UID)
- inode->i_uid = attr->cat_uid;
- if (valid & CAT_GID)
- inode->i_gid = attr->cat_gid;
- if (valid & CAT_ATIME)
- LTIME_S(inode->i_atime) = attr->cat_atime;
- if (valid & CAT_MTIME)
- LTIME_S(inode->i_mtime) = attr->cat_mtime;
- if (valid & CAT_CTIME)
- LTIME_S(inode->i_ctime) = attr->cat_ctime;
- if (0 && valid & CAT_SIZE)
- cl_isize_write_nolock(inode, attr->cat_size);
- /* not currently necessary */
- if (0 && valid & (CAT_UID|CAT_GID|CAT_SIZE))
- mark_inode_dirty(inode);
- return 0;
+ struct inode *inode = ccc_object_inode(obj);
+
+ if (valid & CAT_UID)
+ inode->i_uid = make_kuid(&init_user_ns, attr->cat_uid);
+ if (valid & CAT_GID)
+ inode->i_gid = make_kgid(&init_user_ns, attr->cat_gid);
+ if (valid & CAT_ATIME)
+ LTIME_S(inode->i_atime) = attr->cat_atime;
+ if (valid & CAT_MTIME)
+ LTIME_S(inode->i_mtime) = attr->cat_mtime;
+ if (valid & CAT_CTIME)
+ LTIME_S(inode->i_ctime) = attr->cat_ctime;
+ if (0 && valid & CAT_SIZE)
+ cl_isize_write_nolock(inode, attr->cat_size);
+ /* not currently necessary */
+ if (0 && valid & (CAT_UID|CAT_GID|CAT_SIZE))
+ mark_inode_dirty(inode);
+ return 0;
}
int vvp_conf_set(const struct lu_env *env, struct cl_object *obj,
PFID(&op_data->op_fid2), op_data->op_namelen,
op_data->op_name, PFID(&op_data->op_fid1));
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
if (op_data->op_mea2 != NULL) {
struct lmv_stripe_md *lsm = op_data->op_mea2;
if (rc)
RETURN(rc);
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
if (op_data->op_cli_flags & CLI_MIGRATE) {
LASSERTF(fid_is_sane(&op_data->op_fid3), "invalid FID "DFID"\n",
RETURN(PTR_ERR(tgt));
}
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
/*
LASSERT (b != NULL);
b->suppgid = suppgid;
- b->uid = current_uid();
- b->gid = current_gid();
- b->fsuid = current_fsuid();
- b->fsgid = current_fsgid();
+ b->uid = from_kuid(&init_user_ns, current_uid());
+ b->gid = from_kgid(&init_user_ns, current_gid());
+ b->fsuid = from_kuid(&init_user_ns, current_fsuid());
+ b->fsgid = from_kgid(&init_user_ns, current_fsgid());
b->capability = cfs_curproc_cap_pack();
}
/* XXX do something about time, uid, gid */
rec->cr_opcode = REINT_OPEN;
- rec->cr_fsuid = current_fsuid();
- rec->cr_fsgid = current_fsgid();
+ rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->cr_cap = cfs_curproc_cap_pack();
rec->cr_mode = mode;
cr_flags = mds_pack_open_flags(flags, mode);
struct md_op_data *op_data)
{
rec->sa_opcode = REINT_SETATTR;
- rec->sa_fsuid = current_fsuid();
- rec->sa_fsgid = current_fsgid();
+ rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->sa_cap = cfs_curproc_cap_pack();
rec->sa_suppgid = -1;
- rec->sa_fid = op_data->op_fid1;
- rec->sa_valid = attr_pack(op_data->op_attr.ia_valid);
- rec->sa_mode = op_data->op_attr.ia_mode;
- rec->sa_uid = op_data->op_attr.ia_uid;
- rec->sa_gid = op_data->op_attr.ia_gid;
- rec->sa_size = op_data->op_attr.ia_size;
- rec->sa_blocks = op_data->op_attr_blocks;
- rec->sa_atime = LTIME_S(op_data->op_attr.ia_atime);
- rec->sa_mtime = LTIME_S(op_data->op_attr.ia_mtime);
- rec->sa_ctime = LTIME_S(op_data->op_attr.ia_ctime);
- rec->sa_attr_flags = ((struct ll_iattr *)&op_data->op_attr)->ia_attr_flags;
+ rec->sa_fid = op_data->op_fid1;
+ rec->sa_valid = attr_pack(op_data->op_attr.ia_valid);
+ rec->sa_mode = op_data->op_attr.ia_mode;
+ rec->sa_uid = from_kuid(&init_user_ns, op_data->op_attr.ia_uid);
+ rec->sa_gid = from_kgid(&init_user_ns, op_data->op_attr.ia_gid);
+ rec->sa_size = op_data->op_attr.ia_size;
+ rec->sa_blocks = op_data->op_attr_blocks;
+ rec->sa_atime = LTIME_S(op_data->op_attr.ia_atime);
+ rec->sa_mtime = LTIME_S(op_data->op_attr.ia_mtime);
+ rec->sa_ctime = LTIME_S(op_data->op_attr.ia_ctime);
+ rec->sa_attr_flags =
+ ((struct ll_iattr *)&op_data->op_attr)->ia_attr_flags;
if ((op_data->op_attr.ia_valid & ATTR_GID) &&
- in_group_p(op_data->op_attr.ia_gid))
- rec->sa_suppgid = op_data->op_attr.ia_gid;
+ in_group_p(op_data->op_attr.ia_gid))
+ rec->sa_suppgid =
+ from_kgid(&init_user_ns, op_data->op_attr.ia_gid);
else
rec->sa_suppgid = op_data->op_suppgids[0];
sizeof(struct mdt_rec_reint));
rec = req_capsule_client_get(&req->rq_pill, &RMF_REC_REINT);
rec->sx_opcode = REINT_SETXATTR;
- rec->sx_fsuid = current_fsuid();
- rec->sx_fsgid = current_fsgid();
+ rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->sx_cap = cfs_curproc_cap_pack();
rec->sx_suppgid1 = suppgid;
rec->sx_suppgid2 = -1;
RETURN(-EACCES);
}
- if (req->rq_auth_mapped_uid == INVALID_UID) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
"/etc/lustre/idmap.conf!\n");
RETURN(-EACCES);
ucred->uc_suppgids[1] = -1;
}
- /* sanity check: we expect the uid which client claimed is true */
- if (remote) {
- if (req->rq_auth_mapped_uid == INVALID_UID) {
- CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
- RETURN(-EACCES);
- }
+ /* sanity check: we expect the uid which client claimed is true */
+ if (remote) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
+ CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
+ CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
+ RETURN(-EACCES);
+ }
- if (ptlrpc_user_desc_do_idmap(req, pud))
- RETURN(-EACCES);
+ if (ptlrpc_user_desc_do_idmap(req, pud))
+ RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
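Review bot: The re-indented `if (remote)` block now contains `CDEBUG(D_SEC, "remote user not mapped, deny access!\n");` twice in a row before `RETURN(-EACCES)`, which looks like a rebase or re-indent slip; one of the two lines should be dropped so each denial is logged once. The deny path now depends on `make_kuid(&init_user_ns, ...)` turning the stored -1 into an invalid kuid, so a one-line comment such as `/* rq_auth_mapped_uid is (uid_t)-1 until the client has been mapped */` would make that dependency explicit. The same `uid_valid(make_kuid(...))` test appears in two neighbouring hunks and runs past 80 columns in each. The enclosing function starts and ends outside the hunk.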
/* sanity check: if we use strong authentication, we expect the
* uid which client claimed is true */
if (remote) {
- if (req->rq_auth_mapped_uid == INVALID_UID) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
/* Use process name + fsuid as jobid */
if (strcmp(obd_jobid_var, JOBSTATS_PROCNAME_UID) == 0) {
snprintf(jobid, JOBSTATS_JOBID_SIZE, "%s.%u",
- current_comm(), current_fsuid());
+ current_comm(),
+ from_kuid(&init_user_ns, current_fsuid()));
RETURN(0);
}
right = group_info->ngroups;
while (left < right) {
int mid = (left + right) / 2;
- int cmp = grp - CFS_GROUP_AT(group_info, mid);
+ int cmp = grp -
+ from_kgid(&init_user_ns, CFS_GROUP_AT(group_info, mid));
if (cmp > 0)
left = mid + 1;
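Review bot: `int cmp = grp - from_kgid(...)` stores the difference of two group ids in an int, so when the ids differ by more than INT_MAX the sign of `cmp` is wrong and the binary search steps the wrong way. The sort routine in this commit orders the same array with an unsigned `<` comparison, so the two can disagree, and a membership lookup could then miss a gid that is present in the list. The subtraction predates this commit, but the line is rewritten here, and comparing instead of subtracting avoids the problem: `gid_t cur = from_kgid(&init_user_ns, CFS_GROUP_AT(group_info, mid));` followed by `int cmp = (grp > cur) - (grp < cur);`. This assumes `grp` is a `gid_t`; its declaration and the rest of the loop are outside the hunk.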
; /* nothing */
stride /= 3;
- while (stride) {
- max = gidsetsize - stride;
- for (base = 0; base < max; base++) {
- int left = base;
- int right = left + stride;
- gid_t tmp = CFS_GROUP_AT(group_info, right);
-
- while (left >= 0 &&
- CFS_GROUP_AT(group_info, left) > tmp) {
- CFS_GROUP_AT(group_info, right) =
- CFS_GROUP_AT(group_info, left);
- right = left;
- left -= stride;
- }
- CFS_GROUP_AT(group_info, right) = tmp;
- }
- stride /= 3;
- }
+ while (stride) {
+ max = gidsetsize - stride;
+ for (base = 0; base < max; base++) {
+ int left = base;
+ int right = left + stride;
+ gid_t tmp = from_kgid(&init_user_ns,
+ CFS_GROUP_AT(group_info, right));
+
+ while (left >= 0 &&
+ tmp < from_kgid(&init_user_ns,
+ CFS_GROUP_AT(group_info, left))) {
+ CFS_GROUP_AT(group_info, right) =
+ CFS_GROUP_AT(group_info, left);
+ right = left;
+ left -= stride;
+ }
+ CFS_GROUP_AT(group_info, right) =
+ make_kgid(&init_user_ns, tmp);
+ }
+ stride /= 3;
+ }
}
EXPORT_SYMBOL(lustre_groups_sort);
src->o_valid, LTIME_S(dst->i_mtime),
LTIME_S(dst->i_ctime), src->o_mtime, src->o_ctime);
- if (valid & OBD_MD_FLATIME)
- LTIME_S(dst->i_atime) = src->o_atime;
- if (valid & OBD_MD_FLMTIME)
- LTIME_S(dst->i_mtime) = src->o_mtime;
- if (valid & OBD_MD_FLCTIME && src->o_ctime > LTIME_S(dst->i_ctime))
- LTIME_S(dst->i_ctime) = src->o_ctime;
- if (valid & OBD_MD_FLSIZE)
- i_size_write(dst, src->o_size);
- if (valid & OBD_MD_FLBLOCKS) { /* allocation of space */
- dst->i_blocks = src->o_blocks;
- if (dst->i_blocks < src->o_blocks) /* overflow */
- dst->i_blocks = -1;
-
- }
+ if (valid & OBD_MD_FLATIME)
+ LTIME_S(dst->i_atime) = src->o_atime;
+ if (valid & OBD_MD_FLMTIME)
+ LTIME_S(dst->i_mtime) = src->o_mtime;
+ if (valid & OBD_MD_FLCTIME && src->o_ctime > LTIME_S(dst->i_ctime))
+ LTIME_S(dst->i_ctime) = src->o_ctime;
+ if (valid & OBD_MD_FLSIZE)
+ i_size_write(dst, src->o_size);
+ if (valid & OBD_MD_FLBLOCKS) { /* allocation of space */
+ dst->i_blocks = src->o_blocks;
+ if (dst->i_blocks < src->o_blocks) /* overflow */
+ dst->i_blocks = -1;
+ }
if (valid & OBD_MD_FLBLKSZ)
dst->i_blkbits = ffs(src->o_blksize)-1;
- if (valid & OBD_MD_FLMODE)
- dst->i_mode = (dst->i_mode & S_IFMT) | (src->o_mode & ~S_IFMT);
- if (valid & OBD_MD_FLUID)
- dst->i_uid = src->o_uid;
- if (valid & OBD_MD_FLGID)
- dst->i_gid = src->o_gid;
- if (valid & OBD_MD_FLFLAGS)
- dst->i_flags = src->o_flags;
+ if (valid & OBD_MD_FLMODE)
+ dst->i_mode = (dst->i_mode & S_IFMT) | (src->o_mode & ~S_IFMT);
+ if (valid & OBD_MD_FLUID)
+ dst->i_uid = make_kuid(&init_user_ns, src->o_uid);
+ if (valid & OBD_MD_FLGID)
+ dst->i_gid = make_kgid(&init_user_ns, src->o_gid);
+ if (valid & OBD_MD_FLFLAGS)
+ dst->i_flags = src->o_flags;
}
EXPORT_SYMBOL(obdo_to_inode);
#endif
(src->i_mode & S_IALLUGO);
newvalid |= OBD_MD_FLMODE;
}
- if (valid & OBD_MD_FLUID) {
- dst->o_uid = src->i_uid;
- newvalid |= OBD_MD_FLUID;
- }
- if (valid & OBD_MD_FLGID) {
- dst->o_gid = src->i_gid;
- newvalid |= OBD_MD_FLGID;
- }
- if (valid & OBD_MD_FLFLAGS) {
- dst->o_flags = ll_inode_flags(src);
- newvalid |= OBD_MD_FLFLAGS;
- }
- dst->o_valid |= newvalid;
+ if (valid & OBD_MD_FLUID) {
+ dst->o_uid = from_kuid(&init_user_ns, src->i_uid);
+ newvalid |= OBD_MD_FLUID;
+ }
+ if (valid & OBD_MD_FLGID) {
+ dst->o_gid = from_kgid(&init_user_ns, src->i_gid);
+ newvalid |= OBD_MD_FLGID;
+ }
+ if (valid & OBD_MD_FLFLAGS) {
+ dst->o_flags = ll_inode_flags(src);
+ newvalid |= OBD_MD_FLFLAGS;
+ }
+ dst->o_valid |= newvalid;
}
EXPORT_SYMBOL(obdo_from_inode);
oa->o_ctime = LTIME_S(attr->ia_ctime);
oa->o_valid |= OBD_MD_FLCTIME;
}
- if (ia_valid & ATTR_SIZE) {
- oa->o_size = attr->ia_size;
- oa->o_valid |= OBD_MD_FLSIZE;
- }
+ if (ia_valid & ATTR_SIZE) {
+ oa->o_size = attr->ia_size;
+ oa->o_valid |= OBD_MD_FLSIZE;
+ }
if (ia_valid & ATTR_MODE) {
oa->o_mode = attr->ia_mode;
oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
- if (!in_group_p(oa->o_gid) &&
+ if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
!cfs_capable(CFS_CAP_FSETID))
oa->o_mode &= ~S_ISGID;
}
- if (ia_valid & ATTR_UID) {
- oa->o_uid = attr->ia_uid;
- oa->o_valid |= OBD_MD_FLUID;
- }
- if (ia_valid & ATTR_GID) {
- oa->o_gid = attr->ia_gid;
- oa->o_valid |= OBD_MD_FLGID;
- }
+ if (ia_valid & ATTR_UID) {
+ oa->o_uid = from_kuid(&init_user_ns, attr->ia_uid);
+ oa->o_valid |= OBD_MD_FLUID;
+ }
+ if (ia_valid & ATTR_GID) {
+ oa->o_gid = from_kgid(&init_user_ns, attr->ia_gid);
+ oa->o_valid |= OBD_MD_FLGID;
+ }
}
EXPORT_SYMBOL(obdo_from_iattr);
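Review bot: The S_ISGID-stripping test in the `ATTR_MODE` branch reads `oa->o_gid` through `in_group_p(make_kgid(&init_user_ns, oa->o_gid))` before the `ATTR_GID` branch further down assigns that field from `attr->ia_gid`. When a request changes mode and group together, or when the caller has not pre-filled the obdo, the membership check may therefore run against a stale or unset gid and decide wrongly whether to keep the setgid bit. Whether callers always populate `oa->o_gid` first is not visible in this hunk, so this needs confirming. If they do not, testing the incoming gid when it is present would close the gap: `in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : make_kgid(&init_user_ns, oa->o_gid))`.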
if (valid & OBD_MD_FLMODE) {
attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
attr->ia_valid |= ATTR_MODE;
- if (!in_group_p(oa->o_gid) &&
+ if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
!cfs_capable(CFS_CAP_FSETID))
attr->ia_mode &= ~S_ISGID;
}
if (valid & OBD_MD_FLUID) {
- attr->ia_uid = oa->o_uid;
+ attr->ia_uid = make_kuid(&init_user_ns, oa->o_uid);
attr->ia_valid |= ATTR_UID;
}
if (valid & OBD_MD_FLGID) {
- attr->ia_gid = oa->o_gid;
+ attr->ia_gid = make_kgid(&init_user_ns, oa->o_gid);
attr->ia_valid |= ATTR_GID;
}
}
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
- ucred->uc_uid = ucred->uc_o_uid = current_uid();
- ucred->uc_gid = ucred->uc_o_gid = current_gid();
- ucred->uc_fsuid = ucred->uc_o_fsuid = current_fsuid();
- ucred->uc_fsgid = ucred->uc_o_fsgid = current_fsgid();
- ucred->uc_cap = cfs_curproc_cap_pack();
+ ucred->uc_uid = ucred->uc_o_uid =
+ from_kuid(&init_user_ns, current_uid());
+ ucred->uc_gid = ucred->uc_o_gid =
+ from_kgid(&init_user_ns, current_gid());
+ ucred->uc_fsuid = ucred->uc_o_fsuid =
+ from_kuid(&init_user_ns, current_fsuid());
+ ucred->uc_fsgid = ucred->uc_o_fsgid =
+ from_kgid(&init_user_ns, current_fsgid());
+ ucred->uc_cap = cfs_curproc_cap_pack();
/* remove fs privilege for non-root user. */
if (ucred->uc_fsuid)
remove_dead = 0;
}
} else {
- vcred.vc_uid = current_uid();
- vcred.vc_gid = current_gid();
+ vcred.vc_uid = from_kuid(&init_user_ns, current_uid());
+ vcred.vc_gid = from_kgid(&init_user_ns, current_gid());
}
return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred, create,
void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
{
- import_flush_ctx_common(imp, current_uid(), 1, 1);
+ import_flush_ctx_common(imp, from_kuid(&init_user_ns, current_uid()),
+ 1, 1);
}
EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
req->rq_sp_from = LUSTRE_SP_ANY;
- req->rq_auth_uid = INVALID_UID;
- req->rq_auth_mapped_uid = INVALID_UID;
+ req->rq_auth_uid = -1; /* set to INVALID_UID */
+ req->rq_auth_mapped_uid = -1;
policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
if (!policy) {
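Review bot: `req->rq_auth_uid = -1` and `req->rq_auth_mapped_uid = -1` replace the named constant with a literal, and only the first line carries the `/* set to INVALID_UID */` comment. Later hunks test these fields with `uid_valid(make_kuid(&init_user_ns, ...))`, so the initial value and the validity test must stay in agreement for unauthenticated requests to be rejected. Writing `req->rq_auth_uid = __kuid_val(INVALID_UID);` and the same for `rq_auth_mapped_uid` would tie the sentinel to its definition, the way `ll_i2suppgid()` now returns `__kgid_val(INVALID_GID)`. This assumes both fields are plain `uid_t`; their declarations are not in the hunk.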
pud = lustre_msg_buf(msg, offset, 0);
- pud->pud_uid = current_uid();
- pud->pud_gid = current_gid();
- pud->pud_fsuid = current_fsuid();
- pud->pud_fsgid = current_fsgid();
+ pud->pud_uid = from_kuid(&init_user_ns, current_uid());
+ pud->pud_gid = from_kgid(&init_user_ns, current_gid());
+ pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
pud->pud_cap = cfs_curproc_cap_pack();
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
RETURN(-EACCES);
}
} else {
- if (req->rq_auth_uid == INVALID_UID) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_uid))) {
CDEBUG(D_SEC, "client %s -> target %s: user is not "
"authenticated!\n", client, tgt_name(tgt));
RETURN(-EACCES);