CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n",
libcfs_nid2str(peernid),
- ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap,
+ ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0],
squash->rsi_uid, squash->rsi_gid, 0);
ucred->uc_fsuid = squash->rsi_uid;
ucred->uc_fsgid = squash->rsi_gid;
- ucred->uc_cap = 0;
+ ucred->uc_cap = CAP_EMPTY_SET;
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
ucred->uc_uid = pud->pud_uid;
ucred->uc_gid = pud->pud_gid;
- if (nodemap && ucred->uc_o_uid == nodemap->nm_squash_uid) {
- ucred->uc_cap = 0;
- } else {
- ucred->uc_cap = pud->pud_cap;
- }
+ ucred->uc_cap = CAP_EMPTY_SET;
+ if (!nodemap || ucred->uc_o_uid != nodemap->nm_squash_uid)
+ ucred->uc_cap.cap[0] = pud->pud_cap;
+
ucred->uc_fsuid = pud->pud_fsuid;
ucred->uc_fsgid = pud->pud_fsgid;
if (nodemap->nmf_deny_unknown)
RETURN(-EACCES);
- uc->uc_cap = 0;
+ uc->uc_cap = CAP_EMPTY_SET;
uc->uc_suppgids[0] = -1;
uc->uc_suppgids[1] = -1;
}
identity = mdt_identity_get(mdt->mdt_identity_cache,
uc->uc_fsuid);
if (IS_ERR(identity)) {
- kernel_cap_t kcap = cap_combine(CAP_FS_SET,
- CAP_NFSD_SET);
- u32 cap_mask = kcap.cap[0];
-
if (unlikely(PTR_ERR(identity) == -EREMCHG ||
- uc->uc_cap & cap_mask)) {
+ cap_raised(uc->uc_cap,
+ CAP_DAC_READ_SEARCH))) {
identity = NULL;
} else {
CDEBUG(D_SEC, "Deny access without identity: "
uc->uc_suppgids[0] = body->mbo_suppgid;
uc->uc_suppgids[1] = -1;
uc->uc_ginfo = NULL;
- uc->uc_cap = body->mbo_capability;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = body->mbo_capability;
rc = old_init_ucred_common(info, nodemap);
nodemap_putref(nodemap);
/* LU-5564: for normal close request, skip permission check */
if (lustre_msg_get_opc(req->rq_reqmsg) == MDS_CLOSE &&
!(ma->ma_attr_flags & (MDS_HSM_RELEASE | MDS_CLOSE_LAYOUT_SWAP))) {
- kernel_cap_t kcap = { { uc->uc_cap, } };
-
- kcap = cap_raise_nfsd_set(kcap, CAP_FULL_SET);
- kcap = cap_raise_fs_set(kcap, CAP_FULL_SET);
- uc->uc_cap = kcap.cap[0];
+ cap_raise_nfsd_set(uc->uc_cap, CAP_FULL_SET);
+ cap_raise_fs_set(uc->uc_cap, CAP_FULL_SET);
}
mdt_exit_ucred(info);
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->sa_fsuid;
uc->uc_fsgid = rec->sa_fsgid;
- uc->uc_cap = rec->sa_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->sa_cap;
uc->uc_suppgids[0] = rec->sa_suppgid;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->cr_fsuid;
uc->uc_fsgid = rec->cr_fsgid;
- uc->uc_cap = rec->cr_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->cr_cap;
uc->uc_suppgids[0] = rec->cr_suppgid1;
uc->uc_suppgids[1] = -1;
uc->uc_umask = rec->cr_umask;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->lk_fsuid;
uc->uc_fsgid = rec->lk_fsgid;
- uc->uc_cap = rec->lk_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->lk_cap;
uc->uc_suppgids[0] = rec->lk_suppgid1;
uc->uc_suppgids[1] = rec->lk_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->ul_fsuid;
uc->uc_fsgid = rec->ul_fsgid;
- uc->uc_cap = rec->ul_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->ul_cap;
uc->uc_suppgids[0] = rec->ul_suppgid1;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rn_fsuid;
uc->uc_fsgid = rec->rn_fsgid;
- uc->uc_cap = rec->rn_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rn_cap;
uc->uc_suppgids[0] = rec->rn_suppgid1;
uc->uc_suppgids[1] = rec->rn_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rn_fsuid;
uc->uc_fsgid = rec->rn_fsgid;
- uc->uc_cap = rec->rn_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rn_cap;
uc->uc_suppgids[0] = rec->rn_suppgid1;
uc->uc_suppgids[1] = rec->rn_suppgid2;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->cr_fsuid;
uc->uc_fsgid = rec->cr_fsgid;
- uc->uc_cap = rec->cr_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->cr_cap;
uc->uc_suppgids[0] = rec->cr_suppgid1;
uc->uc_suppgids[1] = rec->cr_suppgid2;
uc->uc_umask = rec->cr_umask;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->sx_fsuid;
uc->uc_fsgid = rec->sx_fsgid;
- uc->uc_cap = rec->sx_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->sx_cap;
uc->uc_suppgids[0] = rec->sx_suppgid1;
uc->uc_suppgids[1] = -1;
/* This prior initialization is needed for old_init_ucred_reint() */
uc->uc_fsuid = rec->rs_fsuid;
uc->uc_fsgid = rec->rs_fsgid;
- uc->uc_cap = rec->rs_cap;
+ uc->uc_cap = CAP_EMPTY_SET;
+ uc->uc_cap.cap[0] = rec->rs_cap;
rr->rr_fid1 = &rec->rs_fid;
rr->rr_mirror_id = rec->rs_mirror_id;