1 files changed, 39 insertions, 5 deletions

diff --git a/rpc/rpc-lib/src/auth-glusterfs.c b/rpc/rpc-lib/src/auth-glusterfs.c
index 5f41c8296..db488434c 100644
--- a/rpc/rpc-lib/src/auth-glusterfs.c
+++ b/rpc/rpc-lib/src/auth-glusterfs.c
@@ -64,9 +64,9 @@ int auth_glusterfs_authenticate (rpcsvc_request_t *req, void *priv)
         struct auth_glusterfs_parms  au = {0,};
 
         int ret      = RPCSVC_AUTH_REJECT;
-        int gidcount = 0;
         int j        = 0;
         int i        = 0;
+        int gidcount = 0;
 
         if (!req)
                 return ret;
@@ -96,9 +96,27 @@ int auth_glusterfs_authenticate (rpcsvc_request_t *req, void *priv)
                 goto err;
         }
 
+	if (req->auxgidcount > SMALL_GROUP_COUNT) {
+		req->auxgidlarge = GF_CALLOC(req->auxgidcount,
+					     sizeof(req->auxgids[0]),
+					     gf_common_mt_auxgids);
+		req->auxgids = req->auxgidlarge;
+	} else {
+		req->auxgids = req->auxgidsmall;
+	}
+
+	if (!req->auxgids) {
+		gf_log ("auth-glusterfs", GF_LOG_WARNING,
+			"cannot allocate gid list");
+		ret = RPCSVC_AUTH_REJECT;
+		goto err;
+	}
+
         for (gidcount = 0; gidcount < au.ngrps; ++gidcount)
                 req->auxgids[gidcount] = au.groups[gidcount];
 
+        RPC_AUTH_ROOT_SQUASH(req);
+
         gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                 ", gid: %d, owner: %s",
                 req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
@@ -201,22 +219,38 @@ int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
                 goto err;
         }
 
+	if (req->auxgidcount > SMALL_GROUP_COUNT) {
+		req->auxgidlarge = GF_CALLOC(req->auxgidcount,
+					     sizeof(req->auxgids[0]),
+					     gf_common_mt_auxgids);
+		req->auxgids = req->auxgidlarge;
+	} else {
+		req->auxgids = req->auxgidsmall;
+	}
+
+	if (!req->auxgids) {
+		gf_log ("auth-glusterfs-v2", GF_LOG_WARNING,
+			"cannot allocate gid list");
+		ret = RPCSVC_AUTH_REJECT;
+		goto err;
+	}
+
         for (i = 0; i < req->auxgidcount; ++i)
                 req->auxgids[i] = au.groups.groups_val[i];
 
         for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
                 req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];
 
+        RPC_AUTH_ROOT_SQUASH(req);
+
         gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                 ", gid: %d, owner: %s",
                 req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
         ret = RPCSVC_AUTH_ACCEPT;
 err:
         /* TODO: instead use alloca() for these variables */
-        if (au.groups.groups_val)
-                free (au.groups.groups_val);
-        if (au.lk_owner.lk_owner_val)
-                free (au.lk_owner.lk_owner_val);
+        free (au.groups.groups_val);
+        free (au.lk_owner.lk_owner_val);
 
         return ret;
 }