kuid_t/kgid_t are wrappered when CONFIG_UIDGID_STRICT_TYPE_CHECKS is on.
Lustre build is broken because we always treat them as plain __u32.
The patch fixes it. Internally, Lustre always use __u32 uid/gid, and
convert to kuid_t/kgid_t when necessary.
Signed-off-by: Peng Tao <tao.peng@emc.com>
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Implemented in portals/include/libcfs/<os>/
*/
int cfs_curproc_groups_nr(void);
-int current_is_in_group(gid_t group);
-void cfs_curproc_groups_dump(gid_t *array, int size);
/*
* Plus, platform-specific constant
/* simple.c */
struct lvfs_ucred {
- __u32 luc_uid;
- __u32 luc_gid;
- __u32 luc_fsuid;
- __u32 luc_fsgid;
+ kuid_t luc_uid;
+ kgid_t luc_gid;
+ kuid_t luc_fsuid;
+ kgid_t luc_fsgid;
kernel_cap_t luc_cap;
__u32 luc_umask;
struct group_info *luc_ginfo;
#include <lustre/lustre_user.h>
-#ifndef INVALID_UID
-#define INVALID_UID (-1)
-#endif
-
/** @} cfg */
#endif // _LUSTRE_CFG_H
return nr;
}
-void cfs_curproc_groups_dump(gid_t *array, int size)
-{
- task_lock(current);
- size = min_t(int, size, current_cred()->group_info->ngroups);
- memcpy(array, current_cred()->group_info->blocks[0], size * sizeof(__u32));
- task_unlock(current);
-}
-
-
-int current_is_in_group(gid_t gid)
-{
- return in_group_p(gid);
-}
-
/* Currently all the CFS_CAP_* defines match CAP_* ones. */
#define cfs_cap_pack(cap) (cap)
#define cfs_cap_unpack(cap) (cap)
EXPORT_SYMBOL(cfs_get_environ);
EXPORT_SYMBOL(cfs_curproc_groups_nr);
-EXPORT_SYMBOL(cfs_curproc_groups_dump);
-EXPORT_SYMBOL(current_is_in_group);
EXPORT_SYMBOL(cfs_cap_raise);
EXPORT_SYMBOL(cfs_cap_lower);
EXPORT_SYMBOL(cfs_cap_raised);
struct cfs_psdev_file pfile;
int rc = 0;
- if (current_fsuid() != 0)
+ if (!capable(CAP_SYS_ADMIN))
return -EACCES;
if ( _IOC_TYPE(cmd) != IOC_LIBCFS_TYPE ||
op_data->op_cli_flags |= CLI_SET_MEA;
err = md_create(sbi->ll_md_exp, op_data, lump, sizeof(*lump), mode,
- current_fsuid(), current_fsgid(),
+ from_kuid(&init_user_ns, current_fsuid()),
+ from_kgid(&init_user_ns, current_fsgid()),
cfs_curproc_cap_pack(), 0, &request);
ll_finish_md_op_data(op_data);
if (err)
RETURN(-EPERM);
break;
case Q_GETQUOTA:
- if (((type == USRQUOTA && current_euid() != id) ||
- (type == GRPQUOTA && !in_egroup_p(id))) &&
+ if (((type == USRQUOTA &&
+ uid_eq(current_euid(), make_kuid(&init_user_ns, id))) ||
+ (type == GRPQUOTA &&
+ !in_egroup_p(make_kgid(&init_user_ns, id)))) &&
(!cfs_capable(CFS_CAP_SYS_ADMIN) ||
sbi->ll_flags & LL_SBI_RMT_CLIENT))
RETURN(-EPERM);
/* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
if (attr->ia_valid & TIMES_SET_FLAGS) {
- if (current_fsuid() != inode->i_uid &&
+ if ((!uid_eq(current_fsuid(), inode->i_uid)) &&
!cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
inode->i_blkbits = inode->i_sb->s_blocksize_bits;
}
if (body->valid & OBD_MD_FLUID)
- inode->i_uid = body->uid;
+ inode->i_uid = make_kuid(&init_user_ns, body->uid);
if (body->valid & OBD_MD_FLGID)
- inode->i_gid = body->gid;
+ inode->i_gid = make_kgid(&init_user_ns, body->gid);
if (body->valid & OBD_MD_FLFLAGS)
inode->i_flags = ll_ext_to_inode_flags(body->flags);
if (body->valid & OBD_MD_FLNLINK)
{
struct ll_sb_info *sbi = ll_i2sbi(inode);
- CDEBUG(D_SEC, "flush context for user %d\n", current_uid());
+ CDEBUG(D_SEC, "flush context for user %d\n",
+ from_kuid(&init_user_ns, current_uid()));
obd_set_info_async(NULL, sbi->ll_md_exp,
sizeof(KEY_FLUSH_CTX), KEY_FLUSH_CTX,
op_data->op_namelen = namelen;
op_data->op_mode = mode;
op_data->op_mod_time = cfs_time_current_sec();
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
op_data->op_bias = 0;
op_data->op_cli_flags = 0;
sbi->ll_stats_track_id == current->parent->pid)
lprocfs_counter_add(sbi->ll_stats, op, count);
else if (sbi->ll_stats_track_type == STATS_TRACK_GID &&
- sbi->ll_stats_track_id == current_gid())
+ sbi->ll_stats_track_id ==
+ from_kgid(&init_user_ns, current_gid()))
lprocfs_counter_add(sbi->ll_stats, op, count);
}
EXPORT_SYMBOL(ll_stats_ops_tally);
__u32 ll_i2suppgid(struct inode *i)
{
- if (current_is_in_group(i->i_gid))
- return (__u32)i->i_gid;
+ if (in_group_p(i->i_gid))
+ return (__u32)from_kgid(&init_user_ns, i->i_gid);
else
return (__u32)(-1);
}
GOTO(err_exit, err = PTR_ERR(op_data));
err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
- current_fsuid(), current_fsgid(),
+ from_kuid(&init_user_ns, current_fsuid()),
+ from_kgid(&init_user_ns, current_fsgid()),
cfs_curproc_cap_pack(), rdev, &request);
ll_finish_md_op_data(op_data);
if (err)
if (!lli->lli_remote_perms)
RETURN(-ENOENT);
- head = lli->lli_remote_perms + remote_perm_hashfunc(current_uid());
+ head = lli->lli_remote_perms +
+ remote_perm_hashfunc(from_kuid(&init_user_ns, current_uid()));
spin_lock(&lli->lli_lock);
hlist_for_each_entry(lrp, head, lrp_list) {
- if (lrp->lrp_uid != current_uid())
+ if (lrp->lrp_uid != from_kuid(&init_user_ns, current_uid()))
continue;
- if (lrp->lrp_gid != current_gid())
+ if (lrp->lrp_gid != from_kgid(&init_user_ns, current_gid()))
continue;
- if (lrp->lrp_fsuid != current_fsuid())
+ if (lrp->lrp_fsuid != from_kuid(&init_user_ns, current_fsuid()))
continue;
- if (lrp->lrp_fsgid != current_fsgid())
+ if (lrp->lrp_fsgid != from_kgid(&init_user_ns, current_fsgid()))
continue;
found = 1;
break;
attr->cat_atime = LTIME_S(inode->i_atime);
attr->cat_ctime = LTIME_S(inode->i_ctime);
attr->cat_blocks = inode->i_blocks;
- attr->cat_uid = inode->i_uid;
- attr->cat_gid = inode->i_gid;
+ attr->cat_uid = from_kuid(&init_user_ns, inode->i_uid);
+ attr->cat_gid = from_kgid(&init_user_ns, inode->i_gid);
/* KMS is not known by this layer */
return 0; /* layers below have to fill in the rest */
}
struct inode *inode = ccc_object_inode(obj);
if (valid & CAT_UID)
- inode->i_uid = attr->cat_uid;
+ inode->i_uid = make_kuid(&init_user_ns, attr->cat_uid);
if (valid & CAT_GID)
- inode->i_gid = attr->cat_gid;
+ inode->i_gid = make_kgid(&init_user_ns, attr->cat_gid);
if (valid & CAT_ATIME)
LTIME_S(inode->i_atime) = attr->cat_atime;
if (valid & CAT_MTIME)
PFID(&op_data->op_fid2), op_data->op_namelen,
op_data->op_name, PFID(&op_data->op_fid1));
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
tgt = lmv_locate_mds(lmv, op_data, &op_data->op_fid2);
if (IS_ERR(tgt))
if (rc)
RETURN(rc);
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
src_tgt = lmv_locate_mds(lmv, op_data, &op_data->op_fid1);
if (IS_ERR(src_tgt))
if (IS_ERR(tgt))
RETURN(PTR_ERR(tgt));
- op_data->op_fsuid = current_fsuid();
- op_data->op_fsgid = current_fsgid();
+ op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid());
op_data->op_cap = cfs_curproc_cap_pack();
/*
LASSERT (b != NULL);
b->suppgid = suppgid;
- b->uid = current_uid();
- b->gid = current_gid();
- b->fsuid = current_fsuid();
- b->fsgid = current_fsgid();
+ b->uid = from_kuid(&init_user_ns, current_uid());
+ b->gid = from_kgid(&init_user_ns, current_gid());
+ b->fsuid = from_kuid(&init_user_ns, current_fsuid());
+ b->fsgid = from_kgid(&init_user_ns, current_fsgid());
b->capability = cfs_curproc_cap_pack();
}
/* XXX do something about time, uid, gid */
rec->cr_opcode = REINT_OPEN;
- rec->cr_fsuid = current_fsuid();
- rec->cr_fsgid = current_fsgid();
+ rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->cr_cap = cfs_curproc_cap_pack();
if (op_data != NULL) {
rec->cr_fid1 = op_data->op_fid1;
struct md_op_data *op_data)
{
rec->sa_opcode = REINT_SETATTR;
- rec->sa_fsuid = current_fsuid();
- rec->sa_fsgid = current_fsgid();
+ rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->sa_cap = cfs_curproc_cap_pack();
rec->sa_suppgid = -1;
rec->sa_fid = op_data->op_fid1;
rec->sa_valid = attr_pack(op_data->op_attr.ia_valid);
rec->sa_mode = op_data->op_attr.ia_mode;
- rec->sa_uid = op_data->op_attr.ia_uid;
- rec->sa_gid = op_data->op_attr.ia_gid;
+ rec->sa_uid = from_kuid(&init_user_ns, op_data->op_attr.ia_uid);
+ rec->sa_gid = from_kgid(&init_user_ns, op_data->op_attr.ia_gid);
rec->sa_size = op_data->op_attr.ia_size;
rec->sa_blocks = op_data->op_attr_blocks;
rec->sa_atime = LTIME_S(op_data->op_attr.ia_atime);
rec->sa_ctime = LTIME_S(op_data->op_attr.ia_ctime);
rec->sa_attr_flags = ((struct ll_iattr *)&op_data->op_attr)->ia_attr_flags;
if ((op_data->op_attr.ia_valid & ATTR_GID) &&
- current_is_in_group(op_data->op_attr.ia_gid))
- rec->sa_suppgid = op_data->op_attr.ia_gid;
+ in_group_p(op_data->op_attr.ia_gid))
+ rec->sa_suppgid =
+ from_kgid(&init_user_ns, op_data->op_attr.ia_gid);
else
rec->sa_suppgid = op_data->op_suppgids[0];
sizeof(struct mdt_rec_reint));
rec = req_capsule_client_get(&req->rq_pill, &RMF_REC_REINT);
rec->sx_opcode = REINT_SETXATTR;
- /* TODO:
- * cfs_curproc_fs{u,g}id() should replace
- * current->fs{u,g}id for portability.
- */
- rec->sx_fsuid = current_fsuid();
- rec->sx_fsgid = current_fsgid();
+ rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid());
rec->sx_cap = cfs_curproc_cap_pack();
rec->sx_suppgid1 = suppgid;
rec->sx_suppgid2 = -1;
/* Use process name + fsuid as jobid */
if (strcmp(obd_jobid_var, JOBSTATS_PROCNAME_UID) == 0) {
snprintf(jobid, JOBSTATS_JOBID_SIZE, "%s.%u",
- current_comm(), current_fsuid());
+ current_comm(),
+ from_kuid(&init_user_ns, current_fsuid()));
RETURN(0);
}
right = group_info->ngroups;
while (left < right) {
int mid = (left + right) / 2;
- int cmp = grp - CFS_GROUP_AT(group_info, mid);
+ int cmp = grp -
+ from_kgid(&init_user_ns, CFS_GROUP_AT(group_info, mid));
if (cmp > 0)
left = mid + 1;
for (base = 0; base < max; base++) {
int left = base;
int right = left + stride;
- gid_t tmp = CFS_GROUP_AT(group_info, right);
+ gid_t tmp = from_kgid(&init_user_ns,
+ CFS_GROUP_AT(group_info, right));
while (left >= 0 &&
- CFS_GROUP_AT(group_info, left) > tmp) {
+ tmp < from_kgid(&init_user_ns,
+ CFS_GROUP_AT(group_info, left))) {
CFS_GROUP_AT(group_info, right) =
CFS_GROUP_AT(group_info, left);
right = left;
left -= stride;
}
- CFS_GROUP_AT(group_info, right) = tmp;
+ CFS_GROUP_AT(group_info, right) =
+ make_kgid(&init_user_ns, tmp);
}
stride /= 3;
}
if (valid & OBD_MD_FLMODE)
dst->i_mode = (dst->i_mode & S_IFMT) | (src->o_mode & ~S_IFMT);
if (valid & OBD_MD_FLUID)
- dst->i_uid = src->o_uid;
+ dst->i_uid = make_kuid(&init_user_ns, src->o_uid);
if (valid & OBD_MD_FLGID)
- dst->i_gid = src->o_gid;
+ dst->i_gid = make_kgid(&init_user_ns, src->o_gid);
if (valid & OBD_MD_FLFLAGS)
dst->i_flags = src->o_flags;
}
newvalid |= OBD_MD_FLMODE;
}
if (valid & OBD_MD_FLUID) {
- dst->o_uid = src->i_uid;
+ dst->o_uid = from_kuid(&init_user_ns, src->i_uid);
newvalid |= OBD_MD_FLUID;
}
if (valid & OBD_MD_FLGID) {
- dst->o_gid = src->i_gid;
+ dst->o_gid = from_kgid(&init_user_ns, src->i_gid);
newvalid |= OBD_MD_FLGID;
}
if (valid & OBD_MD_FLFLAGS) {
if (ia_valid & ATTR_MODE) {
oa->o_mode = attr->ia_mode;
oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
- if (!current_is_in_group(oa->o_gid) &&
+ if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
!cfs_capable(CFS_CAP_FSETID))
oa->o_mode &= ~S_ISGID;
}
if (ia_valid & ATTR_UID) {
- oa->o_uid = attr->ia_uid;
+ oa->o_uid = from_kuid(&init_user_ns, attr->ia_uid);
oa->o_valid |= OBD_MD_FLUID;
}
if (ia_valid & ATTR_GID) {
- oa->o_gid = attr->ia_gid;
+ oa->o_gid = from_kgid(&init_user_ns, attr->ia_gid);
oa->o_valid |= OBD_MD_FLGID;
}
}
if (valid & OBD_MD_FLMODE) {
attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
attr->ia_valid |= ATTR_MODE;
- if (!current_is_in_group(oa->o_gid) &&
+ if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
!cfs_capable(CFS_CAP_FSETID))
attr->ia_mode &= ~S_ISGID;
}
if (valid & OBD_MD_FLUID) {
- attr->ia_uid = oa->o_uid;
+ attr->ia_uid = make_kuid(&init_user_ns, oa->o_uid);
attr->ia_valid |= ATTR_UID;
}
if (valid & OBD_MD_FLGID) {
- attr->ia_gid = oa->o_gid;
+ attr->ia_gid = make_kgid(&init_user_ns, oa->o_gid);
attr->ia_valid |= ATTR_GID;
}
}
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
- ucred->uc_uid = ucred->uc_o_uid = current_uid();
- ucred->uc_gid = ucred->uc_o_gid = current_gid();
- ucred->uc_fsuid = ucred->uc_o_fsuid = current_fsuid();
- ucred->uc_fsgid = ucred->uc_o_fsgid = current_fsgid();
+ ucred->uc_uid = ucred->uc_o_uid =
+ from_kuid(&init_user_ns, current_uid());
+ ucred->uc_gid = ucred->uc_o_gid =
+ from_kgid(&init_user_ns, current_gid());
+ ucred->uc_fsuid = ucred->uc_o_fsuid =
+ from_kuid(&init_user_ns, current_fsuid());
+ ucred->uc_fsgid = ucred->uc_o_fsgid =
+ from_kgid(&init_user_ns, current_fsgid());
ucred->uc_cap = cfs_curproc_cap_pack();
/* remove fs privilege for non-root user. */
remove_dead = 0;
}
} else {
- vcred.vc_uid = current_uid();
- vcred.vc_gid = current_gid();
+ vcred.vc_uid = from_kuid(&init_user_ns, current_uid());
+ vcred.vc_gid = from_kgid(&init_user_ns, current_gid());
}
return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
{
- import_flush_ctx_common(imp, current_uid(), 1, 1);
+ import_flush_ctx_common(imp, from_kuid(&init_user_ns, current_uid()),
+ 1, 1);
}
EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
req->rq_sp_from = LUSTRE_SP_ANY;
- req->rq_auth_uid = INVALID_UID;
- req->rq_auth_mapped_uid = INVALID_UID;
+ req->rq_auth_uid = -1;
+ req->rq_auth_mapped_uid = -1;
policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
if (!policy) {
pud = lustre_msg_buf(msg, offset, 0);
- pud->pud_uid = current_uid();
- pud->pud_gid = current_gid();
- pud->pud_fsuid = current_fsuid();
- pud->pud_fsgid = current_fsgid();
+ pud->pud_uid = from_kuid(&init_user_ns, current_uid());
+ pud->pud_gid = from_kgid(&init_user_ns, current_gid());
+ pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
pud->pud_cap = cfs_curproc_cap_pack();
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;