From a412bb3160d1e01956e705b331521e63d2a5b7d7 Mon Sep 17 00:00:00 2001 From: Jesse Geens Date: Mon, 9 Dec 2024 11:40:37 +0100 Subject: [PATCH] Wrote helper function for getting uid/gid, function for setting user or daemon auth --- pkg/eosclient/eosgrpc/eosgrpc.go | 75 ++++++++++---------------------- pkg/storage/utils/eosfs/eosfs.go | 7 ++- pkg/utils/utils.go | 29 ++++++++++++ 3 files changed, 58 insertions(+), 53 deletions(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index 73a2df2eda..e23e99d15e 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -247,17 +247,10 @@ func (c *Client) initNSRequest(ctx context.Context, auth eosclient.Authorization // cbox is a sudo'er, so we become the user specified in UID/GID, if it is set rq.Authkey = c.opt.Authkey - if auth.Role.UID != "" && auth.Role.GID != "" { - uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64) - if err != nil { - return nil, err - } - gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64) - if err != nil { - return nil, err - } - rq.Role.Uid = uidInt - rq.Role.Gid = gidInt + uid, gid, err := utils.ExtractUidGid(auth) + if err == nil { + rq.Role.Uid = uid + rq.Role.Gid = gid } } @@ -288,17 +281,10 @@ func (c *Client) initMDRequest(ctx context.Context, auth eosclient.Authorization // cbox is a sudo'er, so we become the user specified in UID/GID, if it is set rq.Authkey = c.opt.Authkey - if auth.Role.UID != "" && auth.Role.GID != "" { - uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64) - if err != nil { - return nil, err - } - gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64) - if err != nil { - return nil, err - } - rq.Role.Uid = uidInt - rq.Role.Gid = gidInt + uid, gid, err := utils.ExtractUidGid(auth) + if err == nil { + rq.Role.Uid = uid + rq.Role.Gid = gid } } @@ -738,12 +724,13 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho log := appctx.GetLogger(ctx) log.Debug().Str("func", "GetFileInfoByPath").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("path", path).Msg("entering") - daemonAuth := utils.GetDaemonAuth() + // UserAuth may not be sufficient, because the user may not have access to the file + // e.g. in the case of a guest account. So we check if a uid/gid is set, and if not, + // revert to the daemon account + auth := utils.GetUserOrDaemonAuth(userAuth) // Initialize the common fields of the MDReq - // We do this as the daemon account, because the user may not have access to the file - // e.g. in the case of a guest account - mdrq, err := c.initMDRequest(ctx, daemonAuth) + mdrq, err := c.initMDRequest(ctx, auth) if err != nil { return nil, err } @@ -800,7 +787,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho } log.Info().Str("func", "GetFileInfoByPath").Str("path", path).Uint64("info.Inode", info.Inode).Uint64("size", info.Size).Str("etag", info.ETag).Msg("result") - return c.fixupACLs(ctx, daemonAuth, info), nil + return c.fixupACLs(ctx, auth, info), nil } // GetFileInfoByFXID returns the FileInfo by the given file id in hexadecimal. @@ -990,13 +977,11 @@ func (c *Client) Chown(ctx context.Context, auth, chownAuth eosclient.Authorizat msg := new(erpc.NSRequest_ChownRequest) msg.Owner = new(erpc.RoleId) - msg.Owner.Uid, err = strconv.ParseUint(chownAuth.Role.UID, 10, 64) - if err != nil { - return err - } - msg.Owner.Gid, err = strconv.ParseUint(chownAuth.Role.GID, 10, 64) - if err != nil { - return err + + uid, gid, err := utils.ExtractUidGid(chownAuth) + if err == nil { + msg.Owner.Uid = uid + msg.Owner.Gid = gid } msg.Id = new(erpc.MDId) @@ -1229,9 +1214,8 @@ func (c *Client) Rename(ctx context.Context, auth eosclient.Authorization, oldPa } // List the contents of the directory given by path. -func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) { +func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath string) ([]*eosclient.FileInfo, error) { log := appctx.GetLogger(ctx) - log.Info().Str("func", "List").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("dpath", dpath).Msg("") // Stuff filename, uid, gid into the FindRequest type fdrq := new(erpc.FindRequest) @@ -1242,23 +1226,12 @@ func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpa fdrq.Role = new(erpc.RoleId) - var auth eosclient.Authorization - if userAuth.Role.UID == "" || userAuth.Role.GID == "" { - auth = utils.GetDaemonAuth() - } else { - auth = userAuth - } - - uidInt, err := strconv.ParseUint(auth.Role.UID, 10, 64) - if err != nil { - return nil, err - } - gidInt, err := strconv.ParseUint(auth.Role.GID, 10, 64) + uid, gid, err := utils.ExtractUidGid(auth) if err != nil { - return nil, err + return nil, errors.Wrap(err, "Failed to extract uid/gid from auth") } - fdrq.Role.Uid = uidInt - fdrq.Role.Gid = gidInt + fdrq.Role.Uid = uid + fdrq.Role.Gid = gid fdrq.Authkey = c.opt.Authkey diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go index 98076f3cfe..9a33e99227 100644 --- a/pkg/storage/utils/eosfs/eosfs.go +++ b/pkg/storage/utils/eosfs/eosfs.go @@ -1292,10 +1292,11 @@ func (fs *eosfs) listWithNominalHome(ctx context.Context, p string) (finfos []*p if err != nil { return nil, errors.Wrap(err, "eosfs: no user in ctx") } - auth, err := fs.getUserAuth(ctx, u, fn) + userAuth, err := fs.getUserAuth(ctx, u, fn) if err != nil { return nil, err } + auth := utils.GetUserOrDaemonAuth(userAuth) eosFileInfos, err := fs.c.List(ctx, auth, fn) if err != nil { @@ -1791,10 +1792,12 @@ func (fs *eosfs) ListRevisions(ctx context.Context, ref *provider.Reference) ([] return nil, errtypes.PermissionDenied("eosfs: user doesn't have permissions to list revisions") } } else { - fn, auth, err = fs.resolveRefForbidShareFolder(ctx, ref) + var userAuth eosclient.Authorization + fn, userAuth, err = fs.resolveRefAndGetAuth(ctx, ref) if err != nil { return nil, err } + auth = utils.GetUserOrDaemonAuth(userAuth) } eosRevisions, err := fs.c.ListVersions(ctx, auth, fn) diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 1ce62e4e06..745b7ca62c 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -28,6 +28,7 @@ import ( "path/filepath" "reflect" "regexp" + "strconv" "strings" "time" @@ -456,3 +457,31 @@ func GetDaemonAuth() eosclient.Authorization { func GetEmptyAuth() eosclient.Authorization { return eosclient.Authorization{} } + +// Returns the userAuth if this is a valid auth object, +// otherwise returns daemonAuth +func GetUserOrDaemonAuth(userAuth eosclient.Authorization) eosclient.Authorization { + if userAuth.Role.UID == "" || userAuth.Role.GID == "" { + return GetDaemonAuth() + } else { + return userAuth + } +} + +// Extract uid and gid from auth object +func ExtractUidGid(auth eosclient.Authorization) (uid, gid uint64, err error) { + // $ id nobody + // uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) + nobody := uint64(65534) + + uid, err = strconv.ParseUint(auth.Role.UID, 10, 64) + if err != nil { + return nobody, nobody, err + } + gid, err = strconv.ParseUint(auth.Role.GID, 10, 64) + if err != nil { + return nobody, nobody, err + } + + return uid, gid, nil +}