__u32 perm = 0;
int setuid;
int setgid;
+ bool is_nm_gid_squashed = false;
int rc = 0;
ENTRY;
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
}
+
+ if (nodemap && ucred->uc_o_gid == nodemap->nm_squash_gid)
+ is_nm_gid_squashed = true;
+
nodemap_putref(nodemap);
if (type == BODY_INIT) {
}
if (perm & CFS_SETGRP_PERM) {
- if (pud->pud_ngroups) {
+ /* only set groups if GID is not squashed */
+ if (pud->pud_ngroups && !is_nm_gid_squashed) {
/* setgroups for local client */
ucred->uc_ginfo = groups_alloc(pud->pud_ngroups);
if (!ucred->uc_ginfo) {
pud->pud_groups);
lustre_groups_sort(ucred->uc_ginfo);
} else {
+ ucred->uc_suppgids[0] = -1;
+ ucred->uc_suppgids[1] = -1;
ucred->uc_ginfo = NULL;
}
} else {
void mdt_dump_lmv(unsigned int level, const union lmv_mds_md *lmv)
{
const struct lmv_mds_md_v1 *lmm1;
+ const struct lmv_foreign_md *lfm;
int i;
if (likely(!cfs_cdebug_show(level, DEBUG_SUBSYSTEM)))
return;
+ /* foreign LMV case */
+ lfm = &lmv->lmv_foreign_md;
+ if (le32_to_cpu(lfm->lfm_magic) == LMV_MAGIC_FOREIGN) {
+ CDEBUG_LIMIT(level,
+ "foreign magic 0x%08X, length %u, type %u, flags %u, value '%.*s'\n",
+ le32_to_cpu(lfm->lfm_magic),
+ le32_to_cpu(lfm->lfm_length),
+ le32_to_cpu(lfm->lfm_type),
+ le32_to_cpu(lfm->lfm_flags),
+ le32_to_cpu(lfm->lfm_length), lfm->lfm_value);
+ return;
+ }
+
lmm1 = &lmv->lmv_md_v1;
CDEBUG(level,
"magic 0x%08X, master %#X stripe_count %#x hash_type %#x\n",
req_capsule_shrink(pill, &RMF_LOGCOOKIES, acl_size, RCL_SERVER);
}
- if (req_capsule_has_field(pill, &RMF_CAPA1, RCL_SERVER) &&
- !(body->mbo_valid & OBD_MD_FLMDSCAPA))
- req_capsule_shrink(pill, &RMF_CAPA1, 0, RCL_SERVER);
-
- if (req_capsule_has_field(pill, &RMF_CAPA2, RCL_SERVER) &&
- !(body->mbo_valid & OBD_MD_FLOSSCAPA))
- req_capsule_shrink(pill, &RMF_CAPA2, 0, RCL_SERVER);
+ /* Shrink optional SECCTX buffer if it is not used */
+ if (req_capsule_has_field(pill, &RMF_FILE_SECCTX, RCL_SERVER) &&
+ req_capsule_get_size(pill, &RMF_FILE_SECCTX, RCL_SERVER) != 0 &&
+ !(body->mbo_valid & OBD_MD_SECCTX))
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, 0, RCL_SERVER);
- /*
- * Some more field should be shrinked if needed.
- * This should be done by those who added fields to reply message.
- */
+ /*
+ * Some more field should be shrinked if needed.
+ * This should be done by those who added fields to reply message.
+ */
- /* Grow MD buffer if needed finally */
+ /* Grow MD buffer if needed finally */
if (info->mti_big_lmm_used) {
void *lmm;
if (in & MDS_ATTR_FROM_OPEN)
rr->rr_flags |= MRF_OPEN_TRUNC;
- if (in & MDS_OPEN_OWNEROVERRIDE)
+ if (in & MDS_ATTR_OVERRIDE)
ma->ma_attr_flags |= MDS_OWNEROVERRIDE;
if (in & MDS_ATTR_FORCE)
ma->ma_attr_flags |= MDS_PERM_BYPASS;
MDS_ATTR_SIZE | MDS_ATTR_BLOCKS | MDS_ATTR_ATTR_FLAG |
MDS_ATTR_FORCE | MDS_ATTR_KILL_SUID | MDS_ATTR_KILL_SGID |
MDS_ATTR_FROM_OPEN | MDS_ATTR_LSIZE | MDS_ATTR_LBLOCKS |
- MDS_OPEN_OWNEROVERRIDE);
+ MDS_ATTR_OVERRIDE);
if (in != 0)
- CERROR("Unknown attr bits: %#llx\n", in);
+ CDEBUG(D_INFO, "Unknown attr bits: %#llx\n", in);
return out;
}
if (ioepoch == NULL)
RETURN(-EPROTO);
- info->mti_close_handle = ioepoch->mio_handle;
+ info->mti_open_handle = ioepoch->mio_open_handle;
RETURN(0);
}
rr->rr_eadata = req_capsule_client_get(pill, &RMF_EADATA);
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
const struct lmv_user_md *lum;
struct mdt_rec_create *rec;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_reint_record *rr = &info->mti_rr;
- struct req_capsule *pill = info->mti_pill;
- struct md_op_spec *sp = &info->mti_spec;
+ struct req_capsule *pill = info->mti_pill;
+ struct md_op_spec *sp = &info->mti_spec;
int rc;
ENTRY;
if (rc < 0)
RETURN(rc);
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
}
if (rc < 0)
RETURN(rc);
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
struct mdt_rec_unlink *rec;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_reint_record *rr = &info->mti_rr;
- struct req_capsule *pill = info->mti_pill;
+ struct req_capsule *pill = info->mti_pill;
int rc;
ENTRY;
info->mti_spec.no_create = !!req_is_replay(mdt_info_req(info));
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
rc = mdt_dlmreq_unpack(info);
RETURN(rc);
}
if (rc < 0)
RETURN(rc);
+ spec->no_create = !!req_is_replay(mdt_info_req(info));
+
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
+ rc = mdt_dlmreq_unpack(info);
+
+ RETURN(rc);
+}
+
+static int mdt_migrate_unpack(struct mdt_thread_info *info)
+{
+ struct lu_ucred *uc = mdt_ucred(info);
+ struct mdt_rec_rename *rec;
+ struct lu_attr *attr = &info->mti_attr.ma_attr;
+ struct mdt_reint_record *rr = &info->mti_rr;
+ struct req_capsule *pill = info->mti_pill;
+ struct md_op_spec *spec = &info->mti_spec;
+ int rc;
+
+ ENTRY;
+
+ CLASSERT(sizeof(*rec) == sizeof(struct mdt_rec_reint));
+ rec = req_capsule_client_get(pill, &RMF_REC_REINT);
+ if (rec == NULL)
+ RETURN(-EFAULT);
+
+ /* This prior initialization is needed for old_init_ucred_reint() */
+ uc->uc_fsuid = rec->rn_fsuid;
+ uc->uc_fsgid = rec->rn_fsgid;
+ uc->uc_cap = rec->rn_cap;
+ uc->uc_suppgids[0] = rec->rn_suppgid1;
+ uc->uc_suppgids[1] = rec->rn_suppgid2;
+
+ attr->la_uid = rec->rn_fsuid;
+ attr->la_gid = rec->rn_fsgid;
+ rr->rr_fid1 = &rec->rn_fid1;
+ rr->rr_fid2 = &rec->rn_fid2;
+ attr->la_ctime = rec->rn_time;
+ attr->la_mtime = rec->rn_time;
+ /* rename_tgt contains the mode already */
+ attr->la_mode = rec->rn_mode;
+ attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME | LA_MODE;
+
+ rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
+ if (rc < 0)
+ RETURN(rc);
+
if (rec->rn_bias & MDS_CLOSE_MIGRATE) {
- req_capsule_extend(info->mti_pill, &RQF_MDS_REINT_MIGRATE);
rc = mdt_close_handle_unpack(info);
if (rc)
RETURN(rc);
rr->rr_eadatalen = req_capsule_get_size(pill,
&RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
uc->uc_suppgids[1] = rec->cr_suppgid2;
uc->uc_umask = rec->cr_umask;
- rr->rr_fid1 = &rec->cr_fid1;
- rr->rr_fid2 = &rec->cr_fid2;
- rr->rr_handle = &rec->cr_old_handle;
- attr->la_mode = rec->cr_mode;
- attr->la_rdev = rec->cr_rdev;
- attr->la_uid = rec->cr_fsuid;
- attr->la_gid = rec->cr_fsgid;
- attr->la_ctime = rec->cr_time;
- attr->la_mtime = rec->cr_time;
- attr->la_atime = rec->cr_time;
- attr->la_valid = LA_MODE | LA_RDEV | LA_UID | LA_GID |
- LA_CTIME | LA_MTIME | LA_ATIME;
+ rr->rr_fid1 = &rec->cr_fid1;
+ rr->rr_fid2 = &rec->cr_fid2;
+ rr->rr_open_handle = &rec->cr_open_handle_old;
+ attr->la_mode = rec->cr_mode;
+ attr->la_rdev = rec->cr_rdev;
+ attr->la_uid = rec->cr_fsuid;
+ attr->la_gid = rec->cr_fsgid;
+ attr->la_ctime = rec->cr_time;
+ attr->la_mtime = rec->cr_time;
+ attr->la_atime = rec->cr_time;
+ attr->la_valid = LA_MODE | LA_RDEV | LA_UID | LA_GID |
+ LA_CTIME | LA_MTIME | LA_ATIME;
memset(&info->mti_spec.u, 0, sizeof(info->mti_spec.u));
info->mti_spec.sp_cr_flags = get_mrc_cr_flags(rec);
/* Do not trigger ASSERTION if client miss to set such flags. */
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
rc = mdt_file_secctx_unpack(pill, &sp->sp_cr_file_secctx_name,
&sp->sp_cr_file_secctx,
&sp->sp_cr_file_secctx_size);
+ if (rc < 0)
+ RETURN(rc);
+
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
RETURN(rc);
}
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RCL_CLIENT);
+
+ if (rr->rr_eadatalen > info->mti_mdt->mdt_max_ea_size)
+ RETURN(-E2BIG);
+
if (rr->rr_eadatalen > 0) {
rr->rr_eadata = req_capsule_client_get(pill,
&RMF_EADATA);
RETURN(-EFAULT);
}
+ rc = req_check_sepol(pill);
+ if (rc)
+ RETURN(rc);
+
if (mdt_dlmreq_unpack(info) < 0)
RETURN(-EPROTO);
uc->uc_cap = rec->rs_cap;
rr->rr_fid1 = &rec->rs_fid;
+ rr->rr_mirror_id = rec->rs_mirror_id;
/* cookie doesn't need to be swapped but it has been swapped
* in lustre_swab_mdt_rec_reint() as rr_mtime, so here it needs
* restoring. */
if (ptlrpc_req_need_swab(mdt_info_req(info)))
- __swab64s(&rec->rs_handle.cookie);
- rr->rr_handle = &rec->rs_handle;
+ __swab64s(&rec->rs_lease_handle.cookie);
+ rr->rr_lease_handle = &rec->rs_lease_handle;
RETURN(mdt_dlmreq_unpack(info));
}
[REINT_OPEN] = mdt_open_unpack,
[REINT_SETXATTR] = mdt_setxattr_unpack,
[REINT_RMENTRY] = mdt_rmentry_unpack,
- [REINT_MIGRATE] = mdt_rename_unpack,
+ [REINT_MIGRATE] = mdt_migrate_unpack,
[REINT_RESYNC] = mdt_resync_unpack,
};
}
RETURN(rc);
}
+
+void mdt_pack_secctx_in_reply(struct mdt_thread_info *info,
+ struct mdt_object *child)
+{
+ char *secctx_name;
+ struct lu_buf *buffer;
+ struct mdt_body *repbody;
+ struct req_capsule *pill = info->mti_pill;
+ int rc;
+
+ if (req_capsule_has_field(pill, &RMF_FILE_SECCTX, RCL_SERVER) &&
+ req_capsule_get_size(pill, &RMF_FILE_SECCTX, RCL_SERVER) != 0) {
+ secctx_name =
+ req_capsule_client_get(pill, &RMF_FILE_SECCTX_NAME);
+ buffer = &info->mti_buf;
+
+ /* fill reply buffer with security context now */
+ buffer->lb_len = req_capsule_get_size(pill, &RMF_FILE_SECCTX,
+ RCL_SERVER);
+ buffer->lb_buf = req_capsule_server_get(info->mti_pill,
+ &RMF_FILE_SECCTX);
+ rc = mo_xattr_get(info->mti_env, mdt_object_child(child),
+ buffer, secctx_name);
+ if (rc >= 0) {
+ CDEBUG(D_SEC,
+ "found security context of size %d for "DFID"\n",
+ rc, PFID(mdt_object_fid(child)));
+
+ repbody = req_capsule_server_get(pill, &RMF_MDT_BODY);
+ repbody->mbo_valid |= OBD_MD_SECCTX;
+ if (rc < buffer->lb_len)
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, rc,
+ RCL_SERVER);
+ } else {
+ CDEBUG(D_SEC,
+ "security context not found for "DFID": rc = %d\n",
+ PFID(mdt_object_fid(child)), rc);
+ req_capsule_shrink(pill, &RMF_FILE_SECCTX, 0,
+ RCL_SERVER);
+ }
+ }
+}