From: Sebastien Buisson Date: Mon, 5 Oct 2020 12:14:09 +0000 (+0900) Subject: LU-13498 sec: fix credentials with nodemap and SSK X-Git-Tag: 2.12.7-RC1~82 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=233656e5dbffec99421326644f64db3d4e46dbc7;p=fs%2Flustre-release.git LU-13498 sec: fix credentials with nodemap and SSK When SSK is enabled, credentials are evaluated in new_init_ucred(). In case a nodemap entry is defined with squash UID/GID, it must prevail over normally mapped UID/GID. Lustre-change: https://review.whamcloud.com/40140 Lustre-commit: 2bf6442d7d9bd452153e6b1ea08ddaae3dfb3716 Signed-off-by: Sebastien Buisson Change-Id: I1adfd98759e5b98ec78f0477846e1820fed5d8b3 Reviewed-on: https://review.whamcloud.com/40960 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Lai Siyao Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin --- diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index 2818339..d77e3ee 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -215,9 +215,6 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, RETURN(-EACCES); } - ucred->uc_fsuid = nodemap->nm_squash_uid; - ucred->uc_fsgid = nodemap->nm_squash_gid; - ucred->uc_cap = 0; ucred->uc_suppgids[0] = -1; ucred->uc_suppgids[1] = -1; } @@ -319,8 +316,16 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_uid = pud->pud_uid; ucred->uc_gid = pud->pud_gid; - ucred->uc_fsuid = pud->pud_fsuid; - ucred->uc_fsgid = pud->pud_fsgid; + + if (nodemap && ucred->uc_o_uid == nodemap->nm_squash_uid) { + ucred->uc_fsuid = nodemap->nm_squash_uid; + ucred->uc_fsgid = nodemap->nm_squash_gid; + ucred->uc_cap = 0; + } else { + ucred->uc_fsuid = pud->pud_fsuid; + ucred->uc_fsgid = pud->pud_fsgid; + ucred->uc_cap = pud->pud_cap; + } /* process root_squash here. */ mdt_root_squash(info, peernid);