__u32 perm = 0;
int setuid;
int setgid;
+ bool is_nm_gid_squashed = false;
int rc = 0;
ENTRY;
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
}
+
+ if (nodemap && ucred->uc_o_gid == nodemap->nm_squash_gid)
+ is_nm_gid_squashed = true;
+
nodemap_putref(nodemap);
if (type == BODY_INIT) {
}
if (perm & CFS_SETGRP_PERM) {
- if (pud->pud_ngroups) {
+ /* only set groups if GID is not squashed */
+ if (pud->pud_ngroups && !is_nm_gid_squashed) {
/* setgroups for local client */
ucred->uc_ginfo = groups_alloc(pud->pud_ngroups);
if (!ucred->uc_ginfo) {
pud->pud_groups);
lustre_groups_sort(ucred->uc_ginfo);
} else {
+ ucred->uc_suppgids[0] = -1;
+ ucred->uc_suppgids[1] = -1;
ucred->uc_ginfo = NULL;
}
} else {
void mdt_dump_lmv(unsigned int level, const union lmv_mds_md *lmv)
{
const struct lmv_mds_md_v1 *lmm1;
+ const struct lmv_foreign_md *lfm;
int i;
if (likely(!cfs_cdebug_show(level, DEBUG_SUBSYSTEM)))
return;
+ /* foreign LMV case */
+ lfm = &lmv->lmv_foreign_md;
+ if (le32_to_cpu(lfm->lfm_magic) == LMV_MAGIC_FOREIGN) {
+ CDEBUG_LIMIT(level,
+ "foreign magic 0x%08X, length %u, type %u, flags %u, value '%.*s'\n",
+ le32_to_cpu(lfm->lfm_magic),
+ le32_to_cpu(lfm->lfm_length),
+ le32_to_cpu(lfm->lfm_type),
+ le32_to_cpu(lfm->lfm_flags),
+ le32_to_cpu(lfm->lfm_length), lfm->lfm_value);
+ return;
+ }
+
lmm1 = &lmv->lmv_md_v1;
CDEBUG(level,
"magic 0x%08X, master %#X stripe_count %#x hash_type %#x\n",
req_capsule_shrink(pill, &RMF_LOGCOOKIES, acl_size, RCL_SERVER);
}
+ /* Shrink optional SECCTX buffer if it is not used */
+ if (req_capsule_has_field(pill, &RMF_FILE_SECCTX, RCL_SERVER) &&
+ req_capsule_get_size(pill, &RMF_FILE_SECCTX, RCL_SERVER) != 0 &&
+ !(body->mbo_valid & OBD_MD_SECCTX))
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, 0, RCL_SERVER);
+
/*
* Some more field should be shrinked if needed.
* This should be done by those who added fields to reply message.
MDS_ATTR_FROM_OPEN | MDS_ATTR_LSIZE | MDS_ATTR_LBLOCKS |
MDS_ATTR_OVERRIDE);
if (in != 0)
- CERROR("Unknown attr bits: %#llx\n", in);
+ CDEBUG(D_INFO, "Unknown attr bits: %#llx\n", in);
return out;
}
rr->rr_eadata = req_capsule_client_get(pill, &RMF_EADATA);
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
const struct lmv_user_md *lum;
struct mdt_rec_create *rec;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_reint_record *rr = &info->mti_rr;
- struct req_capsule *pill = info->mti_pill;
- struct md_op_spec *sp = &info->mti_spec;
+ struct req_capsule *pill = info->mti_pill;
+ struct md_op_spec *sp = &info->mti_spec;
int rc;
ENTRY;
if (rc < 0)
RETURN(rc);
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
}
if (rc < 0)
RETURN(rc);
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
struct mdt_rec_unlink *rec;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_reint_record *rr = &info->mti_rr;
- struct req_capsule *pill = info->mti_pill;
+ struct req_capsule *pill = info->mti_pill;
int rc;
ENTRY;
info->mti_spec.no_create = !!req_is_replay(mdt_info_req(info));
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
}
spec->no_create = !!req_is_replay(mdt_info_req(info));
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
rr->rr_eadatalen = req_capsule_get_size(pill,
&RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
rc = mdt_file_secctx_unpack(pill, &sp->sp_cr_file_secctx_name,
&sp->sp_cr_file_secctx,
&sp->sp_cr_file_secctx_size);
+ if (rc < 0)
+ RETURN(rc);
+
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
RETURN(rc);
}
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
+ if (rr->rr_eadatalen > info->mti_mdt->mdt_max_ea_size)
+ RETURN(-E2BIG);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
RETURN(-EFAULT);
}
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
if (mdt_dlmreq_unpack(info) < 0)
RETURN(-EPROTO);
uc->uc_cap = rec->rs_cap;
rr->rr_fid1 = &rec->rs_fid;
+ rr->rr_mirror_id = rec->rs_mirror_id;
/* cookie doesn't need to be swapped but it has been swapped
* in lustre_swab_mdt_rec_reint() as rr_mtime, so here it needs
}
RETURN(rc);
}
+
+void mdt_pack_secctx_in_reply(struct mdt_thread_info *info,
+ struct mdt_object *child)
+{
+ char *secctx_name;
+ struct lu_buf *buffer;
+ struct mdt_body *repbody;
+ struct req_capsule *pill = info->mti_pill;
+ int rc;
+
+ if (req_capsule_has_field(pill, &RMF_FILE_SECCTX, RCL_SERVER) &&
+ req_capsule_get_size(pill, &RMF_FILE_SECCTX, RCL_SERVER) != 0) {
+ secctx_name =
+ req_capsule_client_get(pill, &RMF_FILE_SECCTX_NAME);
+ buffer = &info->mti_buf;
+
+ /* fill reply buffer with security context now */
+ buffer->lb_len = req_capsule_get_size(pill, &RMF_FILE_SECCTX,
+ RCL_SERVER);
+ buffer->lb_buf = req_capsule_server_get(info->mti_pill,
+ &RMF_FILE_SECCTX);
+ rc = mo_xattr_get(info->mti_env, mdt_object_child(child),
+ buffer, secctx_name);
+ if (rc >= 0) {
+ CDEBUG(D_SEC,
+ "found security context of size %d for "DFID"\n",
+ rc, PFID(mdt_object_fid(child)));
+
+ repbody = req_capsule_server_get(pill, &RMF_MDT_BODY);
+ repbody->mbo_valid |= OBD_MD_SECCTX;
+ if (rc < buffer->lb_len)
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, rc,
+ RCL_SERVER);
+ } else {
+ CDEBUG(D_SEC,
+ "security context not found for "DFID": rc = %d\n",
+ PFID(mdt_object_fid(child)), rc);
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, 0,
+ RCL_SERVER);
+ }
+ }
+}