In new_init_ucred(), only set groups for local client if GID is
not squashed. Otherwise, GID squashing would be by-passed.
Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="17 18 19 20 21 22",SHARED_KEY=true
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I56961c62a93d99e6a62c72cca7b4fa6e9b3388b9
Reviewed-on: https://review.whamcloud.com/33316
Tested-by: Jenkins
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
__u32 perm = 0;
int setuid;
int setgid;
__u32 perm = 0;
int setuid;
int setgid;
+ bool is_nm_gid_squashed = false;
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
}
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
}
+
+ if (nodemap && ucred->uc_o_gid == nodemap->nm_squash_gid)
+ is_nm_gid_squashed = true;
+
nodemap_putref(nodemap);
if (type == BODY_INIT) {
nodemap_putref(nodemap);
if (type == BODY_INIT) {
}
if (perm & CFS_SETGRP_PERM) {
}
if (perm & CFS_SETGRP_PERM) {
- if (pud->pud_ngroups) {
+ /* only set groups if GID is not squashed */
+ if (pud->pud_ngroups && !is_nm_gid_squashed) {
/* setgroups for local client */
ucred->uc_ginfo = groups_alloc(pud->pud_ngroups);
if (!ucred->uc_ginfo) {
/* setgroups for local client */
ucred->uc_ginfo = groups_alloc(pud->pud_ngroups);
if (!ucred->uc_ginfo) {
pud->pud_groups);
lustre_groups_sort(ucred->uc_ginfo);
} else {
pud->pud_groups);
lustre_groups_sort(ucred->uc_ginfo);
} else {
+ ucred->uc_suppgids[0] = -1;
+ ucred->uc_suppgids[1] = -1;
ucred->uc_ginfo = NULL;
}
} else {
ucred->uc_ginfo = NULL;
}
} else {
run_test 16 "test nodemap all_off fileops"
test_17() {
run_test 16 "test nodemap all_off fileops"
test_17() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup
run_test 17 "test nodemap trusted_noadmin fileops"
test_18() {
run_test 17 "test nodemap trusted_noadmin fileops"
test_18() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup
run_test 18 "test nodemap mapped_noadmin fileops"
test_19() {
run_test 18 "test nodemap mapped_noadmin fileops"
test_19() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup
run_test 19 "test nodemap trusted_admin fileops"
test_20() {
run_test 19 "test nodemap trusted_admin fileops"
test_20() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup
run_test 20 "test nodemap mapped_admin fileops"
test_21() {
run_test 20 "test nodemap mapped_admin fileops"
test_21() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup
run_test 21 "test nodemap mapped_trusted_noadmin fileops"
test_22() {
run_test 21 "test nodemap mapped_trusted_noadmin fileops"
test_22() {
+ if $SHARED_KEY &&
+ [ $(lustre_version_code $SINGLEMDS) -lt $(version_code 2.11.55) ]; then
+ skip "Need MDS >= 2.11.55"
+ fi
+
nodemap_version_check || return 0
nodemap_test_setup
nodemap_version_check || return 0
nodemap_test_setup