From 5a26daaea96aa3f7855b8d75b6568449f5466cc2 Mon Sep 17 00:00:00 2001 From: Santosh Kumar Pradhan Date: Fri, 10 Jan 2014 11:57:05 +0530 Subject: gNFS: Server sets ACL mask wrongly in GETACL reply FIX: 1. Set the ACL mask what was requested by client 2. Validate the ACL mask in SETACL routine Change-Id: Icb8576a8fe2684e0beaf94e8db6a92bc70bbfe7f BUG: 1051865 Signed-off-by: Santosh Kumar Pradhan Reviewed-on: http://review.gluster.org/6683 Tested-by: Gluster Build System Reviewed-by: Vijay Bellur --- xlators/nfs/server/src/acl3.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'xlators/nfs')
diff --git a/xlators/nfs/server/src/acl3.c b/xlators/nfs/server/src/acl3.c
index 5286077a8..25476ebbe 100644
--- a/xlators/nfs/server/src/acl3.c
+++ b/xlators/nfs/server/src/acl3.c
@@ -256,7 +256,7 @@ acl3_getacl_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 }
 cs = frame->local;
 getaclreply = &cs->args.getaclreply;
- if (op_ret == -1) {
+ if (op_ret < 0) {
 stat = nfs3_cbk_errno_status (op_ret, op_errno);
 goto err;
 }
@@ -343,7 +343,6 @@ acl3_stat_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 deviceid = nfs3_request_xlator_deviceid (cs->req);
 nfs3_map_deviceid_to_statdev (buf, deviceid);
 getaclreply->attr = nfs3_stat_to_fattr3 (buf);
- getaclreply->mask = (NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT);
 nfs_request_user_init (&nfu, cs->req);
 ret = nfs_getxattr (cs->nfsx, cs->vol, &nfu, &cs->resolvedloc,
@@ -430,6 +429,7 @@ acl3svc_getacl (rpcsvc_request_t *req)
 vol, stat, rpcerr);
 cs->vol = vol;
+ cs->args.getaclreply.mask = getaclargs.mask;
 acl3_volume_started_check (nfs3, vol, ret, acl3err);
 ret = nfs3_fh_resolve_and_resume (cs, fhp,
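Review bot: The client-supplied `getaclargs.mask` is copied into the GETACL reply in acl3svc_getacl without the bit validation this commit adds to SETACL, so undefined bits are echoed back to the client and reach any later code that keys on the reply mask. Either reject unknown bits the way SETACL now does, or store only the defined ones: `cs->args.getaclreply.mask = getaclargs.mask & (NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT);`. The callbacks that fill in the ACL entries are only partly visible here, so it still needs checking that they honour the requested mask when populating the access and default ACL arrays. acl3svc_getacl starts and continues outside the hunk.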
@@ -551,6 +551,13 @@ acl3svc_setacl (rpcsvc_request_t *req)
 rpcsvc_request_seterr (req, GARBAGE_ARGS);
 goto rpcerr;
 }
+
+ /* Validate ACL mask */
+ if (setaclargs.mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT)) {
+ stat = NFS3ERR_INVAL;
+ goto acl3err;
+ }
+
 fhp = &fh;
 acl3_validate_gluster_fh (fhp, stat, acl3err);
 acl3_map_fh_to_volume (nfs->nfs3state, fhp, req,
-- cgit
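Review bot: The new mask check in acl3svc_setacl rejects the request silently and jumps to `acl3err` before the file handle has been validated or mapped to a volume. Whether `NFS3ERR_INVAL` actually reaches the client depends on the `acl3err` label, which is outside this hunk; confirm it neither recomputes `stat` from `ret` nor touches call state that may not exist yet at this point. A log line carrying the rejected `setaclargs.mask` value, emitted just before the `goto`, would make malformed SETACL requests visible to operators. The comment could also say why, for example `/* Reject mask bits outside the four defined NFSACL flags; the value comes from the client */`, and the allowed-bits expression would be better as one named constant so the GETACL path can apply the same check.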