int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req, struct ptlrpc_user_desc *pud) { struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; uid_t uid, fsuid; gid_t gid, fsgid; /* Only remote client need desc_to_idmap. */ if (!exp_connect_rmtclient(req->rq_export)) return 0; uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid); if (uid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid); return -EACCES; } if (pud->pud_uid == pud->pud_fsuid) { fsuid = uid; } else { fsuid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_fsuid); if (fsuid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "no mapping for fsuid %u\n", pud->pud_fsuid); return -EACCES; } } gid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_gid); if (gid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid); return -EACCES; } if (pud->pud_gid == pud->pud_fsgid) { fsgid = gid; } else { fsgid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_fsgid); if (fsgid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "no mapping for fsgid %u\n", pud->pud_fsgid); return -EACCES; } } pud->pud_uid = uid; pud->pud_gid = gid; pud->pud_fsuid = fsuid; pud->pud_fsgid = fsgid; return 0; }
/* Do not ignore root_squash for non-setattr case. */ int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op) { struct ptlrpc_request *req = mdt_info_req(info); struct md_ucred *uc = mdt_ucred(info); struct lu_attr *attr = &info->mti_attr.ma_attr; struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW)) return -EINVAL; if (op != REINT_SETATTR) { if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) attr->la_uid = uc->mu_fsuid; /* for S_ISGID, inherit gid from his parent, such work will be * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */ if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) attr->la_gid = uc->mu_fsgid; } else if (exp_connect_rmtclient(info->mti_exp)) { /* NB: -1 case will be handled by mdt_fix_attr() later. */ if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) { uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 0, attr->la_uid); if (uid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "Deny chown to uid %u\n", attr->la_uid); return -EPERM; } attr->la_uid = uid; } if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) { gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 0, attr->la_gid); if (gid == CFS_IDMAP_NOTFOUND) { CDEBUG(D_SEC, "Deny chown to gid %u\n", attr->la_gid); return -EPERM; } attr->la_gid = gid; } } return 0; }
/* * Reverse mapping */ void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) { struct ptlrpc_request *req = mdt_info_req(info); struct lu_ucred *uc = mdt_ucred(info); struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; if (!exp_connect_rmtclient(info->mti_exp)) return; if (body->mbo_valid & OBD_MD_FLUID) { uid_t uid; uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid); if (uid == CFS_IDMAP_NOTFOUND) { uid = NOBODY_UID; if (body->mbo_valid & OBD_MD_FLMODE) body->mbo_mode = (body->mbo_mode & ~S_IRWXU) | ((body->mbo_mode & S_IRWXO) << 6); } body->mbo_uid = uid; } if (body->mbo_valid & OBD_MD_FLGID) { gid_t gid; gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid); if (gid == CFS_IDMAP_NOTFOUND) { gid = NOBODY_GID; if (body->mbo_valid & OBD_MD_FLMODE) body->mbo_mode = (body->mbo_mode & ~S_IRWXG) | ((body->mbo_mode & S_IRWXO) << 3); } body->mbo_gid = gid; } }