| author | Niels de Vos <ndevos@redhat.com> | 2014-05-20 16:12:03 +0200 | 
|---|---|---|
| committer | Niels de Vos <ndevos@redhat.com> | 2014-05-23 01:34:02 -0700 | 
| commit | 6b624e5502193b9d57116fb341119c8468f9758f (patch) | |
| tree | 53d66637db79881e4cff639d06df8b31b1664ef6 /tests/bugs | |
| parent | 57ec16e7f6d08b9a1c07f8ece3db630b08557372 (diff) | |
rpc: implement server.manage-gids for group resolving on the bricks
The new volume option 'server.manage-gids' can be enabled in
environments where a user belongs to more than the current absolute
maximum of 93 groups. This option triggers the following behavior:
1. The AUTH_GLUSTERFS structure sent by GlusterFS clients (fuse, nfs or
   libgfapi) will contain only one (1) auxiliary group, instead of
   a full list. This reduces network usage and prevents problems in
   encoding the AUTH_GLUSTERFS structure which should fit in 400 bytes.
2. The single group in the RPC Calls received by the server is replaced
   by resolving the groups server-side. Permission checks and similar in
   lower xlators are applied against the full list of groups that the
   user belongs to, and not the single auxiliary group that the client
   sent.
Cherry picked from commit 2fd499d148fc8865c77de8b2c73fe0b7e1737882:
> BUG: 1053579
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/7501
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
> Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
> Reviewed-by: Anand Avati <avati@redhat.com>
Change-Id: I9e540de13e3022f8b63ff893ecba511129a47b91
BUG: 1096425
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/7830
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Diffstat (limited to 'tests/bugs')
| -rwxr-xr-x | tests/bugs/bug-1053579.t | 60 | 
1 files changed, 47 insertions, 13 deletions
diff --git a/tests/bugs/bug-1053579.t b/tests/bugs/bug-1053579.t index 0b6eb4331c1..a2d028bfa3b 100755 --- a/tests/bugs/bug-1053579.t +++ b/tests/bugs/bug-1053579.t @@ -9,19 +9,16 @@ cleanup  NEW_USER=bug1053579  NEW_UID=1053579  NEW_GID=1053579 +LAST_GID=1053779 +NEW_GIDS=${NEW_GID} -# create many groups, $NEW_USER will have 200 groups -NEW_GIDS=1053580 -groupadd -o -g ${NEW_GID} gid${NEW_GID} 2> /dev/null -for G in $(seq 1053581 1053279) +# create a user that belongs to many groups +for GID in $(seq ${NEW_GID} ${LAST_GID})  do -        groupadd -o -g ${G} gid${G} 2> /dev/null -        NEW_GIDS="${GIDS},${G}" +        groupadd -o -g ${GID} ${NEW_USER}-${GID} +        NEW_GIDS="${NEW_GIDS},${NEW_USER}-${GID}"  done - -# create a user that belongs to many groups -groupadd -o -g ${NEW_GID} gid${NEW_GID} -useradd -o -u ${NEW_UID} -g ${NEW_GID} -G ${NEW_GIDS} ${NEW_USER} +TEST useradd -o -M -u ${NEW_UID} -g ${NEW_GID} -G ${NEW_USER}-${NEW_GIDS} ${NEW_USER}  # preparation done, start the tests 
@@ -33,13 +30,50 @@ TEST $CLI volume start $V0  EXPECT_WITHIN 20 "1" is_nfs_export_available -# Mount volume as NFS export +# mount the volume  TEST mount -t nfs -o vers=3,nolock $H0:/$V0 $N0 +TEST glusterfs --volfile-id=/$V0 --volfile-server=$H0 $M0 + +# the actual test, this used to crash +su -c "stat $N0/. > /dev/null" ${NEW_USER} +TEST [ $? -eq 0 ] + +# create a file that only a user in a high-group can access +echo 'Hello World!' > $N0/README +chgrp ${LAST_GID} $N0/README +chmod 0640 $N0/README + +su -c "cat $N0/README 2>&1 > /dev/null" ${NEW_USER} +TEST [ $? -ne 0 ] +# This passes only on build.gluster.org, not reproducible on other machines?! +#su -c "cat $M0/README 2>&1 > /dev/null" ${NEW_USER} +#TEST [ $? -ne 0 ] + +# we need to unmount before we can enable the server.manage-gids option +TEST umount $M0 -# the actual test :-) -TEST su -c '"stat /mnt/. > /dev/null"' ${USER} +# enable server.manage-gids and things should work +TEST $CLI volume set $V0 server.manage-gids on +# mount the volume again +TEST glusterfs --volfile-id=/$V0 --volfile-server=$H0 $M0 + +su -c "cat $N0/README 2>&1 > /dev/null" ${NEW_USER} +TEST [ $? -eq 0 ] +su -c "cat $M0/README 2>&1 > /dev/null" ${NEW_USER} +TEST [ $? -eq 0 ] + +# cleanup +userdel --force ${NEW_USER} +for GID in $(seq ${NEW_GID} ${LAST_GID}) +do +        groupdel ${NEW_USER}-${GID} +done + +rm -f $N0/README  TEST umount $N0 +TEST umount $M0 +  TEST $CLI volume stop $V0  TEST $CLI volume delete $V0  | 
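Review bot: In the first hunk (@@ -9,19 +9,16 @@), the `-G ${NEW_USER}-${NEW_GIDS}` argument to useradd only expands to valid group names because NEW_GIDS is seeded with the bare `${NEW_GID}` and the `${NEW_USER}-` prefix is glued on at the call site. The loop then appends `${NEW_USER}-${NEW_GID}` again, so the first group ends up in the list twice. Starting NEW_GIDS empty and collecting the full group names in the loop would be easier to follow and would drop the duplicate. The groupadd calls are also neither silenced nor wrapped in TEST any more, so a group that fails to be created only shows up indirectly, when the useradd TEST fails.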
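Review bot: In the second hunk (@@ -33,13 +30,50 @@), the `su -c "cat ... 2>&1 > /dev/null"` lines redirect in an order that does not silence stderr: `2>&1` duplicates stderr onto the current stdout before stdout is pointed at /dev/null. If the intent is to hide the expected permission error, use `> /dev/null 2>&1`. Separately, with the `$M0` check commented out, the denied-access case before enabling server.manage-gids is verified over NFS only; the comment should say what differs on other machines or point at a tracking bug. Once the option is on, only the positive case (`TEST [ $? -eq 0 ]`) is asserted, so a check that a user who is not a member of `${LAST_GID}` is still denied would show that server-side group resolution does not grant more than intended.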
