static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
struct lookup_intent *it)
{
- struct lookup_intent lookup_it = { .it_op = IT_LOOKUP };
- struct dentry *save = dentry, *retval;
- struct ptlrpc_request *req = NULL;
- struct md_op_data *op_data;
+ struct lookup_intent lookup_it = { .it_op = IT_LOOKUP };
+ struct dentry *save = dentry, *retval;
+ struct ptlrpc_request *req = NULL;
+ struct md_op_data *op_data = NULL;
__u32 opc;
int rc;
ENTRY;
op_data = ll_prep_md_op_data(NULL, parent, NULL, dentry->d_name.name,
dentry->d_name.len, 0, opc, NULL);
- if (IS_ERR(op_data))
- RETURN((void *)op_data);
+ if (IS_ERR(op_data))
+ RETURN((void *)op_data);
- /* enforce umask if acl disabled or MDS doesn't support umask */
- if (!IS_POSIXACL(parent) || !exp_connect_umask(ll_i2mdexp(parent)))
+ /* enforce umask if acl disabled or MDS doesn't support umask */
+ if (!IS_POSIXACL(parent) || !exp_connect_umask(ll_i2mdexp(parent)))
it->it_create_mode &= ~current_umask();
rc = md_intent_lock(ll_i2mdexp(parent), op_data, it, &req,
&ll_md_blocking_ast, 0);
- ll_finish_md_op_data(op_data);
- if (rc < 0)
- GOTO(out, retval = ERR_PTR(rc));
+ /* If the MDS allows the client to chgrp (CFS_SETGRP_PERM), but the
+ * client does not know which suppgid should be sent to the MDS, or
+ * some other(s) changed the target file's GID after this RPC sent
+ * to the MDS with the suppgid as the original GID, then we should
+ * try again with right suppgid. */
+ if (rc == -EACCES && it->it_op & IT_OPEN &&
+ it_disposition(it, DISP_OPEN_DENY)) {
+ struct mdt_body *body;
+
+ LASSERT(req != NULL);
+
+ body = req_capsule_server_get(&req->rq_pill, &RMF_MDT_BODY);
+ if (op_data->op_suppgids[0] == body->mbo_gid ||
+ op_data->op_suppgids[1] == body->mbo_gid ||
+ !in_group_p(make_kgid(&init_user_ns, body->mbo_gid)))
+ GOTO(out, retval = ERR_PTR(-EACCES));
+
+ fid_zero(&op_data->op_fid2);
+ op_data->op_suppgids[1] = body->mbo_gid;
+ ptlrpc_req_finished(req);
+ req = NULL;
+ ll_intent_release(it);
+ rc = md_intent_lock(ll_i2mdexp(parent), op_data, it, &req,
+ &ll_md_blocking_ast, 0);
+ }
+
+ if (rc < 0)
+ GOTO(out, retval = ERR_PTR(rc));
rc = ll_lookup_it_finish(req, it, parent, &dentry);
if (rc != 0) {
}
ll_lookup_finish_locks(it, dentry);
- retval = (dentry == save) ? NULL : dentry;
- EXIT;
+ GOTO(out, retval = (dentry == save) ? NULL : dentry);
out:
+ if (op_data != NULL && !IS_ERR(op_data))
+ ll_finish_md_op_data(op_data);
+
ptlrpc_req_finished(req);
return retval;
}
return rc;
}
+/**
+ * Check whether allow the client to set supplementary group IDs or not.
+ *
+ * \param[in] info pointer to the thread context
+ * \param[in] uc pointer to the RPC user descriptor
+ *
+ * \retval true if allow to set supplementary group IDs
+ * \retval false for other cases
+ */
+bool allow_client_chgrp(struct mdt_thread_info *info, struct lu_ucred *uc)
+{
+ __u32 remote = exp_connect_rmtclient(info->mti_exp);
+ __u32 perm;
+
+ /* 1. If identity_upcall is disabled, then forbid remote client to set
+ * supplementary group IDs, but permit local client to do that. */
+ if (is_identity_get_disabled(info->mti_mdt->mdt_identity_cache)) {
+ if (remote)
+ return false;
+
+ return true;
+ }
+
+ /* 2. If fail to get related identities, then forbid any client to
+ * set supplementary group IDs. */
+ if (uc->uc_identity == NULL)
+ return false;
+
+ /* 3. Check the permission in the identities. */
+ perm = mdt_identity_get_perm(uc->uc_identity, remote,
+ mdt_info_req(info)->rq_peer.nid);
+ if (perm & CFS_SETGRP_PERM)
+ return true;
+
+ return false;
+}
+
int mdt_check_ucred(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
rc = mo_open(info->mti_env, mdt_object_child(o),
created ? flags | MDS_OPEN_CREATED : flags);
- if (rc)
- GOTO(err_out, rc);
+ if (rc != 0) {
+ /* If we allow the client to chgrp (CFS_SETGRP_PERM), but the
+ * client does not know which suppgid should be sent to the MDS,
+ * or some other(s) changed the target file's GID after this RPC
+ * sent to the MDS with the suppgid as the original GID, then we
+ * give the client another chance to send the right suppgid. */
+ if (rc == -EACCES &&
+ allow_client_chgrp(info, lu_ucred(info->mti_env)))
+ mdt_set_disposition(info, rep, DISP_OPEN_DENY);
+
+ GOTO(err_out, rc);
+ }
mfd = mdt_mfd_new(med);
if (mfd == NULL)