summaryrefslogtreecommitdiffstats
path: root/xlators
diff options
context:
space:
mode:
Diffstat (limited to 'xlators')
-rw-r--r--xlators/nfs/server/src/nfs-fops.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c
index 14bc0f33ba5..b91f73a5378 100644
--- a/xlators/nfs/server/src/nfs-fops.c
+++ b/xlators/nfs/server/src/nfs-fops.c
@@ -30,6 +30,8 @@
#include <libgen.h>
#include <semaphore.h>
+static int gf_auth_max_groups_nfs_log = 0;
+
void
nfs_fix_groups (xlator_t *this, call_stack_t *root)
{
@@ -39,6 +41,7 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)
gid_t mygroups[GF_MAX_AUX_GROUPS];
int ngroups;
int i;
+ int max_groups;
struct nfs_state *priv = this->private;
const gid_list_t *agl;
gid_list_t gl;
@@ -47,10 +50,22 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)
return;
}
+ /* RPC enforces the GF_AUTH_GLUSTERFS_MAX_GROUPS limit */
+ max_groups = GF_AUTH_GLUSTERFS_MAX_GROUPS(root->lk_owner.len);
+
agl = gid_cache_lookup(&priv->gid_cache, root->uid, 0, 0);
if (agl) {
- for (ngroups = 0; ngroups < agl->gl_count; ngroups++)
+ if (agl->gl_count > max_groups) {
+ GF_LOG_OCCASIONALLY (gf_auth_max_groups_nfs_log,
+ this->name, GF_LOG_WARNING,
+ "too many groups, reducing %d -> %d",
+ agl->gl_count, max_groups);
+ }
+
+ for (ngroups = 0; ngroups < agl->gl_count
+ && ngroups <= max_groups; ngroups++) {
root->groups[ngroups] = agl->gl_list[ngroups];
+ }
root->ngrps = ngroups;
gid_cache_release(&priv->gid_cache, agl);
return;
@@ -92,6 +107,16 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)
GF_FREE(gl.gl_list);
}
+ /* RPC enforces the GF_AUTH_GLUSTERFS_MAX_GROUPS limit */
+ if (ngroups > max_groups) {
+ GF_LOG_OCCASIONALLY (gf_auth_max_groups_nfs_log,
+ this->name, GF_LOG_WARNING,
+ "too many groups, reducing %d -> %d",
+ ngroups, max_groups);
+
+ ngroups = max_groups;
+ }
+
/* Copy data to the frame. */
for (i = 0; i < ngroups; ++i) {
gf_log (this->name, GF_LOG_TRACE,