Wrote helper function for getting uid/gid, function for setting user …
…or daemon auth
Jesse Geens committed Dec 9, 2024
1 parent ff3bb81 commit 07d807d
Showing 3 changed files with 59 additions and 53 deletions.
76 changes: 25 additions & 51 deletions pkg/eosclient/eosgrpc/eosgrpc.go
Expand Up @@ -247,17 +247,10 @@ func (c *Client) initNSRequest(ctx context.Context, auth eosclient.Authorization
// cbox is a sudo'er, so we become the user specified in UID/GID, if it is set
rq.Authkey = c.opt.Authkey

if auth.Role.UID != "" && auth.Role.GID != "" {
uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nil, err
}
rq.Role.Uid = uidInt
rq.Role.Gid = gidInt
uid, gid, err := utils.ExtractUidGid(auth)
if err == nil {
rq.Role.Uid = uid
rq.Role.Gid = gid
}
}

Expand Down Expand Up @@ -288,17 +281,10 @@ func (c *Client) initMDRequest(ctx context.Context, auth eosclient.Authorization
// cbox is a sudo'er, so we become the user specified in UID/GID, if it is set
rq.Authkey = c.opt.Authkey

if auth.Role.UID != "" && auth.Role.GID != "" {
uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nil, err
}
rq.Role.Uid = uidInt
rq.Role.Gid = gidInt
uid, gid, err := utils.ExtractUidGid(auth)
if err == nil {
rq.Role.Uid = uid
rq.Role.Gid = gid
}
}

Expand Down Expand Up @@ -738,12 +724,14 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho
log := appctx.GetLogger(ctx)
log.Debug().Str("func", "GetFileInfoByPath").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("path", path).Msg("entering")

daemonAuth := utils.GetDaemonAuth()
// UserAuth may not be sufficient, because the user may not have access to the file
// e.g. in the case of a guest account. So we check if a uid/gid is set, and if not,
// revert to the daemon account
auth := utils.GetEOSAuth(userAuth)

// Initialize the common fields of the MDReq
// We do this as the daemon account, because the user may not have access to the file
// e.g. in the case of a guest account
mdrq, err := c.initMDRequest(ctx, daemonAuth)

mdrq, err := c.initMDRequest(ctx, auth)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -800,7 +788,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho
}

log.Info().Str("func", "GetFileInfoByPath").Str("path", path).Uint64("info.Inode", info.Inode).Uint64("size", info.Size).Str("etag", info.ETag).Msg("result")
return c.fixupACLs(ctx, daemonAuth, info), nil
return c.fixupACLs(ctx, auth, info), nil
}

// GetFileInfoByFXID returns the FileInfo by the given file id in hexadecimal.
Expand Down Expand Up @@ -986,13 +974,11 @@ func (c *Client) Chown(ctx context.Context, auth, chownAuth eosclient.Authorizat

msg := new(erpc.NSRequest_ChownRequest)
msg.Owner = new(erpc.RoleId)
msg.Owner.Uid, err = strconv.ParseUint(chownAuth.Role.UID, 10, 64)
if err != nil {
return err
}
msg.Owner.Gid, err = strconv.ParseUint(chownAuth.Role.GID, 10, 64)
if err != nil {
return err

uid, gid, err := utils.ExtractUidGid(chownAuth)
if err == nil {
msg.Owner.Uid = uid
msg.Owner.Gid = gid
}

msg.Id = new(erpc.MDId)
Expand Down Expand Up @@ -1225,9 +1211,8 @@ func (c *Client) Rename(ctx context.Context, auth eosclient.Authorization, oldPa
}

// List the contents of the directory given by path.
func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) {
func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) {
log := appctx.GetLogger(ctx)
log.Info().Str("func", "List").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("dpath", dpath).Msg("")

// Stuff filename, uid, gid into the FindRequest type
fdrq := new(erpc.FindRequest)
Expand All @@ -1238,23 +1223,12 @@ func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpa

fdrq.Role = new(erpc.RoleId)

var auth eosclient.Authorization
if userAuth.Role.UID == "" || userAuth.Role.GID == "" {
auth = utils.GetDaemonAuth()
} else {
auth = userAuth
}

uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
uid, gid, err := utils.ExtractUidGid(auth)
if err != nil {
return nil, err
return nil, errors.Wrap(err, "Failed to extract uid/gid from auth")
}
fdrq.Role.Uid = uidInt
fdrq.Role.Gid = gidInt
fdrq.Role.Uid = uid
fdrq.Role.Gid = gid

fdrq.Authkey = c.opt.Authkey

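Review bot: In Chown, a chownAuth whose UID or GID fails to parse now skips the `if err == nil` block, so the request goes out with msg.Owner still the zero-valued `new(erpc.RoleId)`, i.e. owner 0:0, where the removed code returned the error. initNSRequest and initMDRequest drop the parse error the same way and leave rq.Role unset on a request that already carries the sudo'er Authkey; where rq.Role is allocated is outside those hunks, so the resulting identity is inferred. These paths should stay fail-closed like List: `if err != nil { return err }` in Chown and `if err != nil { return nil, err }` in the two init functions. All three function bodies start and end outside their hunks.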
7 changes: 5 additions & 2 deletions pkg/storage/utils/eosfs/eosfs.go
Expand Up @@ -1172,10 +1172,11 @@ func (fs *eosfs) listWithNominalHome(ctx context.Context, p string) (finfos []*p
if err != nil {
return nil, errors.Wrap(err, "eosfs: no user in ctx")
}
auth, err := fs.getUserAuth(ctx, u, fn)
userAuth, err := fs.getUserAuth(ctx, u, fn)
if err != nil {
return nil, err
}
auth := utils.GetEOSAuth(userAuth)

eosFileInfos, err := fs.c.List(ctx, auth, fn)
if err != nil {
Expand Down Expand Up @@ -1503,10 +1504,12 @@ func (fs *eosfs) ListRevisions(ctx context.Context, ref *provider.Reference) ([]
return nil, errtypes.PermissionDenied("eosfs: user doesn't have permissions to list revisions")
}
} else {
fn, auth, err = fs.resolveRefAndGetAuth(ctx, ref)
var userAuth eosclient.Authorization
fn, userAuth, err = fs.resolveRefAndGetAuth(ctx, ref)
if err != nil {
return nil, err
}
auth = utils.GetEOSAuth(userAuth)
}

eosRevisions, err := fs.c.ListVersions(ctx, auth, fn)
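Review bot: In listWithNominalHome, `auth := utils.GetEOSAuth(userAuth)` silently replaces the caller's identity with the daemon account whenever getUserAuth returns an empty UID or GID, and nothing in the hunk logs or explains that switch; the else branch of ListRevisions does the same before ListVersions. Whether an access check has already run for that user is not visible here (both functions continue outside the hunks). The fallback deserves a comment stating the precondition, for example `// GetEOSAuth falls back to the daemon account when userAuth has no uid/gid; the caller's access to fn must already have been verified`, and a debug log entry recording when the daemon identity is used.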
29 changes: 29 additions & 0 deletions pkg/utils/utils.go
Expand Up @@ -28,6 +28,7 @@ import (
"path/filepath"
"reflect"
"regexp"
"strconv"
"strings"
"time"

Expand Down Expand Up @@ -456,3 +457,31 @@ func GetDaemonAuth() eosclient.Authorization {
func GetEmptyAuth() eosclient.Authorization {
return eosclient.Authorization{}
}

// Returns the userAuth if this is a valid auth object,
// otherwise returns daemonAuth
func GetEOSAuth(userAuth eosclient.Authorization) eosclient.Authorization {
if userAuth.Role.UID == "" || userAuth.Role.GID == "" {
return GetDaemonAuth()
} else {
return userAuth
}
}

// Extract uid and gid from auth object
func ExtractUidGid(auth eosclient.Authorization) (uid, gid uint64, err error) {
// $ id nobody
// uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
nobody := uint64(65534)

uid, err = strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nobody, nobody, err
}
gid, err = strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nobody, nobody, err
}

return uid, gid, nil
}
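Review bot: GetEOSAuth calls an authorization valid as soon as Role.UID and Role.GID are non-empty, so a non-numeric value is passed on as the user identity and only fails later in ExtractUidGid, while a half-populated one (UID set, GID empty) is quietly switched to the daemon account. The doc comments should state that contract and start with the function name, e.g. `// GetEOSAuth returns userAuth when both Role.UID and Role.GID are non-empty and the daemon authorization otherwise; it does not check that they are numeric.` ExtractUidGid should likewise document that it returns 65534 (nobody) for both ids together with the error. On style, Go naming would make it `ExtractUIDGID`, and the `else` after `return GetDaemonAuth()` can be dropped.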
