Skip to content

Commit

Permalink
Wrote helper function for getting uid/gid, function for setting user …
Browse files Browse the repository at this point in the history 
…or daemon auth
  • Loading branch information
Jesse Geens committed Dec 10, 2024
1 parent 97288a4 commit e172a77
Show file tree
Hide file tree
Showing 5 changed files with 120 additions and 98 deletions.
14 changes: 14 additions & 0 deletions changelog/unreleased/no-more-shadow-ns.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
Enhancement: drop shadow namespaces

This comes as part of the effort to operate EOS without being root, see https://github.com/cs3org/reva/pull/4977

In this PR the post-home creation hook (and corresponding flag) is replaced by a create_home_hook, and the following configuration parameters are suppressed:

shadow_namespace
share_folder
default_quota_bytes
default_secondary_quota_bytes
default_quota_files
uploads_namespace (unused)

https://github.com/cs3org/reva/pull/4984
89 changes: 26 additions & 63 deletions pkg/eosclient/eosgrpc/eosgrpc.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ import (
"time"

erpc "github.com/cern-eos/go-eosgrpc"
userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
"github.com/cs3org/reva/pkg/appctx"
"github.com/cs3org/reva/pkg/eosclient"
"github.com/cs3org/reva/pkg/errtypes"
Expand Down Expand Up @@ -131,15 +130,6 @@ func (opt *Options) init() {
}
}

func getUser(ctx context.Context) (*userpb.User, error) {
u, ok := appctx.ContextGetUser(ctx)
if !ok {
err := errors.Wrap(errtypes.UserRequired(""), "eosfs: error getting user from ctx")
return nil, err
}
return u, nil
}

func serializeAttribute(a *eosclient.Attribute) string {
return fmt.Sprintf("%s.%s=%s", attrTypeToString(a.Type), a.Key, a.Val)
}
Expand Down Expand Up @@ -247,17 +237,10 @@ func (c *Client) initNSRequest(ctx context.Context, auth eosclient.Authorization
// cbox is a sudo'er, so we become the user specified in UID/GID, if it is set
rq.Authkey = c.opt.Authkey

if auth.Role.UID != "" && auth.Role.GID != "" {
uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nil, err
}
rq.Role.Uid = uidInt
rq.Role.Gid = gidInt
uid, gid, err := utils.ExtractUidGid(auth)
if err == nil {
rq.Role.Uid = uid
rq.Role.Gid = gid
}
}

Expand Down Expand Up @@ -288,17 +271,10 @@ func (c *Client) initMDRequest(ctx context.Context, auth eosclient.Authorization
// cbox is a sudo'er, so we become the user specified in UID/GID, if it is set
rq.Authkey = c.opt.Authkey

if auth.Role.UID != "" && auth.Role.GID != "" {
uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nil, err
}
rq.Role.Uid = uidInt
rq.Role.Gid = gidInt
uid, gid, err := utils.ExtractUidGid(auth)
if err == nil {
rq.Role.Uid = uid
rq.Role.Gid = gid
}
}

Expand Down Expand Up @@ -738,12 +714,13 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho
log := appctx.GetLogger(ctx)
log.Debug().Str("func", "GetFileInfoByPath").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("path", path).Msg("entering")

daemonAuth := utils.GetDaemonAuth()
// UserAuth may not be sufficient, because the user may not have access to the file
// e.g. in the case of a guest account. So we check if a uid/gid is set, and if not,
// revert to the daemon account
auth := utils.GetUserOrDaemonAuth(userAuth)

// Initialize the common fields of the MDReq
// We do this as the daemon account, because the user may not have access to the file
// e.g. in the case of a guest account
mdrq, err := c.initMDRequest(ctx, daemonAuth)
mdrq, err := c.initMDRequest(ctx, auth)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -800,7 +777,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho
}

log.Info().Str("func", "GetFileInfoByPath").Str("path", path).Uint64("info.Inode", info.Inode).Uint64("size", info.Size).Str("etag", info.ETag).Msg("result")
return c.fixupACLs(ctx, daemonAuth, info), nil
return c.fixupACLs(ctx, auth, info), nil
}

// GetFileInfoByFXID returns the FileInfo by the given file id in hexadecimal.
Expand Down Expand Up @@ -986,13 +963,11 @@ func (c *Client) Chown(ctx context.Context, auth, chownAuth eosclient.Authorizat

msg := new(erpc.NSRequest_ChownRequest)
msg.Owner = new(erpc.RoleId)
msg.Owner.Uid, err = strconv.ParseUint(chownAuth.Role.UID, 10, 64)
if err != nil {
return err
}
msg.Owner.Gid, err = strconv.ParseUint(chownAuth.Role.GID, 10, 64)
if err != nil {
return err

uid, gid, err := utils.ExtractUidGid(chownAuth)
if err == nil {
msg.Owner.Uid = uid
msg.Owner.Gid = gid
}

msg.Id = new(erpc.MDId)
Expand Down Expand Up @@ -1225,9 +1200,8 @@ func (c *Client) Rename(ctx context.Context, auth eosclient.Authorization, oldPa
}

// List the contents of the directory given by path.
func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) {
func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) {
log := appctx.GetLogger(ctx)
log.Info().Str("func", "List").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("dpath", dpath).Msg("")

// Stuff filename, uid, gid into the FindRequest type
fdrq := new(erpc.FindRequest)
Expand All @@ -1238,23 +1212,12 @@ func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpa

fdrq.Role = new(erpc.RoleId)

var auth eosclient.Authorization
if userAuth.Role.UID == "" || userAuth.Role.GID == "" {
auth = utils.GetDaemonAuth()
} else {
auth = userAuth
}

uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64)
uid, gid, err := utils.ExtractUidGid(auth)
if err != nil {
return nil, err
}
gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64)
if err != nil {
return nil, err
return nil, errors.Wrap(err, "Failed to extract uid/gid from auth")
}
fdrq.Role.Uid = uidInt
fdrq.Role.Gid = gidInt
fdrq.Role.Uid = uid
fdrq.Role.Gid = gid

fdrq.Authkey = c.opt.Authkey

Expand Down Expand Up @@ -1386,7 +1349,7 @@ func (c *Client) Read(ctx context.Context, auth eosclient.Authorization, path st
var localfile io.WriteCloser
localfile = nil

u, err := getUser(ctx)
u, err := utils.GetUser(ctx)
if err != nil {
return nil, errors.Wrap(err, "eos: no user in ctx")
}
Expand Down Expand Up @@ -1422,7 +1385,7 @@ func (c *Client) Write(ctx context.Context, auth eosclient.Authorization, path s
var length int64
length = -1

u, err := getUser(ctx)
u, err := utils.GetUser(ctx)
if err != nil {
return errors.Wrap(err, "eos: no user in ctx")
}
Expand Down
Loading

0 comments on commit e172a77

Please sign in to comment.