1 files changed, 46 insertions, 15 deletions

diff --git a/rpc/rpc-lib/src/auth-glusterfs.c b/rpc/rpc-lib/src/auth-glusterfs.c
index 9996bfad4..db488434c 100644
--- a/rpc/rpc-lib/src/auth-glusterfs.c
+++ b/rpc/rpc-lib/src/auth-glusterfs.c
@@ -1,20 +1,11 @@
 /*
-  Copyright (c) 2010-2011 Gluster, Inc. <http://www.gluster.com>
+  Copyright (c) 2008-2012 Red Hat, Inc. <http://www.redhat.com>
   This file is part of GlusterFS.
 
-  GlusterFS is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as published
-  by the Free Software Foundation; either version 3 of the License,
-  or (at your option) any later version.
-
-  GlusterFS is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  General Public License for more details.
-
-  You should have received a copy of the GNU General Public License
-  along with this program.  If not, see
-  <http://www.gnu.org/licenses/>.
+  This file is licensed to you under your choice of the GNU Lesser
+  General Public License, version 3 or any later version (LGPLv3 or
+  later), or the GNU General Public License, version 2 (GPLv2), in all
+  cases as published by the Free Software Foundation.
 */
 
 
@@ -73,9 +64,9 @@ int auth_glusterfs_authenticate (rpcsvc_request_t *req, void *priv)
         struct auth_glusterfs_parms  au = {0,};
 
         int ret      = RPCSVC_AUTH_REJECT;
-        int gidcount = 0;
         int j        = 0;
         int i        = 0;
+        int gidcount = 0;
 
         if (!req)
                 return ret;
@@ -105,9 +96,27 @@ int auth_glusterfs_authenticate (rpcsvc_request_t *req, void *priv)
                 goto err;
         }
 
+	if (req->auxgidcount > SMALL_GROUP_COUNT) {
+		req->auxgidlarge = GF_CALLOC(req->auxgidcount,
+					     sizeof(req->auxgids[0]),
+					     gf_common_mt_auxgids);
+		req->auxgids = req->auxgidlarge;
+	} else {
+		req->auxgids = req->auxgidsmall;
+	}
+
+	if (!req->auxgids) {
+		gf_log ("auth-glusterfs", GF_LOG_WARNING,
+			"cannot allocate gid list");
+		ret = RPCSVC_AUTH_REJECT;
+		goto err;
+	}
+
         for (gidcount = 0; gidcount < au.ngrps; ++gidcount)
                 req->auxgids[gidcount] = au.groups[gidcount];
 
+        RPC_AUTH_ROOT_SQUASH(req);
+
         gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                 ", gid: %d, owner: %s",
                 req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
@@ -210,17 +219,39 @@ int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
                 goto err;
         }
 
+	if (req->auxgidcount > SMALL_GROUP_COUNT) {
+		req->auxgidlarge = GF_CALLOC(req->auxgidcount,
+					     sizeof(req->auxgids[0]),
+					     gf_common_mt_auxgids);
+		req->auxgids = req->auxgidlarge;
+	} else {
+		req->auxgids = req->auxgidsmall;
+	}
+
+	if (!req->auxgids) {
+		gf_log ("auth-glusterfs-v2", GF_LOG_WARNING,
+			"cannot allocate gid list");
+		ret = RPCSVC_AUTH_REJECT;
+		goto err;
+	}
+
         for (i = 0; i < req->auxgidcount; ++i)
                 req->auxgids[i] = au.groups.groups_val[i];
 
         for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
                 req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];
 
+        RPC_AUTH_ROOT_SQUASH(req);
+
         gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                 ", gid: %d, owner: %s",
                 req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
         ret = RPCSVC_AUTH_ACCEPT;
 err:
+        /* TODO: instead use alloca() for these variables */
+        free (au.groups.groups_val);
+        free (au.lk_owner.lk_owner_val);
+
         return ret;
 }