Diffstat (limited to 'xlators/system/posix-acl/src')
-rw-r--r--xlators/system/posix-acl/src/Makefile.am12
-rw-r--r--xlators/system/posix-acl/src/posix-acl-mem-types.h24
-rw-r--r--xlators/system/posix-acl/src/posix-acl-xattr.c10
-rw-r--r--xlators/system/posix-acl/src/posix-acl-xattr.h16
-rw-r--r--xlators/system/posix-acl/src/posix-acl.c102
-rw-r--r--xlators/system/posix-acl/src/posix-acl.h49
6 files changed, 127 insertions, 86 deletions
diff --git a/xlators/system/posix-acl/src/Makefile.am b/xlators/system/posix-acl/src/Makefile.am
index c0955694c..14ba51863 100644
--- a/xlators/system/posix-acl/src/Makefile.am
+++ b/xlators/system/posix-acl/src/Makefile.am
@@ -1,14 +1,16 @@
xlator_LTLIBRARIES = posix-acl.la
xlatordir = $(libdir)/glusterfs/$(PACKAGE_VERSION)/xlator/system
-posix_acl_la_LDFLAGS = -module -avoidversion
+posix_acl_la_LDFLAGS = -module -avoid-version
posix_acl_la_SOURCES = posix-acl.c posix-acl-xattr.c
posix_acl_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la
-noinst_HEADERS = posix-acl.h posix-acl-xattr.h
+noinst_HEADERS = posix-acl.h posix-acl-xattr.h posix-acl-mem-types.h
-AM_CFLAGS = -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall -D$(GF_HOST_OS)\
- -I$(top_srcdir)/libglusterfs/src -shared -nostartfiles $(GF_CFLAGS)\
- -L$(xlatordir)/
+AM_CPPFLAGS = $(GF_CPPFLAGS) -I$(top_srcdir)/libglusterfs/src
+
+AM_CFLAGS = -Wall $(GF_CFLAGS)
+
+AM_LDFLAGS = -L$(xlatordir)
CLEANFILES =
diff --git a/xlators/system/posix-acl/src/posix-acl-mem-types.h b/xlators/system/posix-acl/src/posix-acl-mem-types.h
new file mode 100644
index 000000000..7eed2ebb5
--- /dev/null
+++ b/xlators/system/posix-acl/src/posix-acl-mem-types.h
@@ -0,0 +1,24 @@
+/*
+ Copyright (c) 2008-2013 Red Hat, Inc. <http://www.redhat.com>
+ This file is part of GlusterFS.
+
+ This file is licensed to you under your choice of the GNU Lesser
+ General Public License, version 3 or any later version (LGPLv3 or
+ later), or the GNU General Public License, version 2 (GPLv2), in all
+ cases as published by the Free Software Foundation.
+*/
+
+#ifndef __POSIX_ACL_MEM_TYPES_H__
+#define __POSIX_ACL_MEM_TYPES_H__
+
+#include "mem-types.h"
+
+typedef enum gf_posix_acl_mem_types_ {
+ gf_posix_acl_mt_ctx_t = gf_common_mt_end + 1,
+ gf_posix_acl_mt_posix_ace_t,
+ gf_posix_acl_mt_char,
+ gf_posix_acl_mt_conf_t,
+ gf_posix_acl_mt_end
+} gf_posix_acl_mem_types_t;
+#endif
+
diff --git a/xlators/system/posix-acl/src/posix-acl-xattr.c b/xlators/system/posix-acl/src/posix-acl-xattr.c
index 460daf985..3c8826568 100644
--- a/xlators/system/posix-acl/src/posix-acl-xattr.c
+++ b/xlators/system/posix-acl/src/posix-acl-xattr.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2011-2012 Red Hat, Inc. <http://www.redhat.com>
+ Copyright (c) 2011-2013 Red Hat, Inc. <http://www.redhat.com>
This file is part of GlusterFS.
This file is licensed to you under your choice of the GNU Lesser
@@ -65,9 +65,9 @@ posix_acl_from_xattr (xlator_t *this, const char *xattr_buf, int xattr_size)
count = size / sizeof (*entry);
header = (struct posix_acl_xattr_header *) (xattr_buf);
- entry = (struct posix_acl_xattr_entry *) (header + 1);
+ entry = (struct posix_acl_xattr_entry *) (header + 1);
- if (header->version != htole32 (POSIX_ACL_VERSION))
+ if (header->version != htole32 (POSIX_ACL_XATTR_VERSION))
return NULL;
acl = posix_acl_new (this, count);
@@ -126,10 +126,10 @@ posix_acl_to_xattr (xlator_t *this, struct posix_acl *acl, char *xattr_buf,
return size;
header = (struct posix_acl_xattr_header *) (xattr_buf);
- entry = (struct posix_acl_xattr_entry *) (header + 1);
+ entry = (struct posix_acl_xattr_entry *) (header + 1);
ace = acl->entries;
- header->version = htole32 (POSIX_ACL_VERSION);
+ header->version = htole32 (POSIX_ACL_XATTR_VERSION);
for (i = 0; i < acl->count; i++) {
entry->tag = htole16 (ace->tag);
diff --git a/xlators/system/posix-acl/src/posix-acl-xattr.h b/xlators/system/posix-acl/src/posix-acl-xattr.h
index 9035d8761..2933c2057 100644
--- a/xlators/system/posix-acl/src/posix-acl-xattr.h
+++ b/xlators/system/posix-acl/src/posix-acl-xattr.h
@@ -11,24 +11,10 @@
#ifndef _POSIX_ACL_XATTR_H
#define _POSIX_ACL_XATTR_H
-#include <stdint.h>
-
#include "common-utils.h"
#include "posix-acl.h"
#include "glusterfs.h"
-
-#define POSIX_ACL_VERSION 2
-
-struct posix_acl_xattr_entry {
- uint16_t tag;
- uint16_t perm;
- uint32_t id;
-};
-
-struct posix_acl_xattr_header {
- uint32_t version;
- struct posix_acl_xattr_entry entries[0];
-};
+#include "glusterfs-acl.h"
struct posix_acl *posix_acl_from_xattr (xlator_t *this, const char *buf, int size);
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 3928a56af..947c71c77 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -15,12 +15,32 @@
#include "posix-acl.h"
#include "posix-acl-xattr.h"
+#include "posix-acl-mem-types.h"
#define UINT64(ptr) ((uint64_t)((long)(ptr)))
#define PTR(num) ((void *)((long)(num)))
+int32_t
+mem_acct_init (xlator_t *this)
+{
+ int ret = -1;
+
+ if (!this)
+ return ret;
+
+ ret = xlator_mem_acct_init (this, gf_posix_acl_mt_end + 1);
+
+ if (ret != 0) {
+ gf_log(this->name, GF_LOG_ERROR, "Memory accounting init"
+ "failed");
+ return ret;
+ }
+
+ return ret;
+}
+
static uid_t
r00t ()
{
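Review bot: The error message in `mem_acct_init` is built from two adjacent string literals with no space between them, so it is logged as "Memory accounting initfailed". Write it as a single literal, `"Memory accounting init failed"`. The `return ret;` inside the `if` duplicates the one that follows and can be dropped.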
@@ -186,7 +206,7 @@ acl_permits (call_frame_t *frame, inode_t *inode, int want)
ace = acl->entries;
- if (acl->count > 3)
+ if (acl->count > POSIX_ACL_MINIMAL_ACE_COUNT)
acl_present = 1;
for (i = 0; i < acl->count; i++) {
@@ -277,7 +297,7 @@ posix_acl_ctx_get (inode_t *inode, xlator_t *this)
if ((ret == 0) && (int_ctx))
return PTR(int_ctx);
- ctx = CALLOC (1, sizeof (*ctx));
+ ctx = GF_CALLOC (1, sizeof (*ctx), gf_posix_acl_mt_ctx_t);
if (!ctx)
return NULL;
@@ -333,7 +353,8 @@ posix_acl_new (xlator_t *this, int entrycnt)
struct posix_acl *acl = NULL;
struct posix_ace *ace = NULL;
- acl = CALLOC (1, sizeof (*acl) + (entrycnt * sizeof (*ace)));
+ acl = GF_CALLOC (1, sizeof (*acl) + (entrycnt * sizeof (*ace)),
+ gf_posix_acl_mt_posix_ace_t);
if (!acl)
return NULL;
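Review bot: The allocation size in `posix_acl_new` is still computed as `sizeof (*acl) + (entrycnt * sizeof (*ace))` from a signed `int` with no range check. A negative `entrycnt` converts to a very large `size_t` and the sum can wrap, giving a buffer smaller than the entries written later. The `posix_acl_from_xattr` hunk in this commit passes `count = size / sizeof (*entry)`, which comes from the xattr length, and whether that length is validated is not visible here. A guard before the allocation, `if (entrycnt < 0) return NULL;`, would close this locally. Separately, the accounting type `gf_posix_acl_mt_posix_ace_t` labels an allocation that holds the whole `struct posix_acl`, which will be misleading in memory-accounting dumps. The function body continues outside the hunk.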
@@ -348,7 +369,7 @@ posix_acl_new (xlator_t *this, int entrycnt)
void
posix_acl_destroy (xlator_t *this, struct posix_acl *acl)
{
- FREE (acl);
+ GF_FREE (acl);
return;
}
@@ -516,7 +537,7 @@ posix_acl_inherit_mode (struct posix_acl *acl, mode_t modein)
if (mask_ce) {
mask_ce->perm &= (mode >> 3) | ~S_IRWXO;
mode &= (mask_ce->perm << 3) | ~S_IRWXG;
- } else {
+ } else if (group_ce) {
group_ce->perm &= (mode >> 3) | ~S_IRWXO;
mode &= (group_ce->perm << 3) | ~S_IRWXG;
}
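Review bot: With `else if (group_ce)`, an ACL that has neither a mask nor a group-object entry now falls through silently, and the group bits of `mode` are left unrestricted by the ACL. `posix_acl_ctx_update` in this same commit treats that case as an error (`ret = -1`). This function returns the mode, so it cannot report an error the same way. Either add a final `else` that fails closed, for example `mode &= ~S_IRWXG;`, or add a comment stating why leaving the group bits untouched is acceptable for a malformed ACL. The function begins and ends outside the hunk, so earlier validation may already exclude this case.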
@@ -577,7 +598,7 @@ posix_acl_inherit (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode,
ctx->perm = retmode;
size_access = posix_acl_to_xattr (this, acl_access, NULL, 0);
- xattr_access = CALLOC (1, size_access);
+ xattr_access = GF_CALLOC (1, size_access, gf_posix_acl_mt_char);
if (!xattr_access) {
gf_log (this->name, GF_LOG_ERROR, "out of memory");
ret = -1;
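Review bot: The switch to `GF_CALLOC` for `xattr_access` means every path that releases this buffer must use `GF_FREE`, and the code that frees it or hands it to another owner is outside the hunk. Mixing the accounted allocator with a plain `FREE` is a memory-safety defect, so the release and hand-off paths should be checked as part of this change. The same applies to `xattr_default` in the next hunk. A comment at the allocation such as `/* accounted allocation: must be released with GF_FREE */` would record the requirement for later edits.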
@@ -600,7 +621,7 @@ posix_acl_inherit (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode,
acl_default = posix_acl_ref (this, par_default);
size_default = posix_acl_to_xattr (this, acl_default, NULL, 0);
- xattr_default = CALLOC (1, size_default);
+ xattr_default = GF_CALLOC (1, size_default, gf_posix_acl_mt_char);
if (!xattr_default) {
gf_log (this->name, GF_LOG_ERROR, "out of memory");
ret = -1;
@@ -663,7 +684,12 @@ int
posix_acl_ctx_update (inode_t *inode, xlator_t *this, struct iatt *buf)
{
struct posix_acl_ctx *ctx = NULL;
+ struct posix_acl *acl = NULL;
+ struct posix_ace *ace = NULL;
+ struct posix_ace *mask_ce = NULL;
+ struct posix_ace *group_ce = NULL;
int ret = 0;
+ int i = 0;
ctx = posix_acl_ctx_get (inode, this);
if (!ctx) {
@@ -676,7 +702,46 @@ posix_acl_ctx_update (inode_t *inode, xlator_t *this, struct iatt *buf)
ctx->uid = buf->ia_uid;
ctx->gid = buf->ia_gid;
ctx->perm = st_mode_from_ia (buf->ia_prot, buf->ia_type);
+
+ acl = ctx->acl_access;
+ if (!acl || !(acl->count > POSIX_ACL_MINIMAL_ACE_COUNT))
+ goto unlock;
+
+ /* This is an extended ACL (not minimal acl). In case we
+ are only refreshing from iatt and not ACL xattrs (for
+ e.g. from postattributes of setattr() call, we need to
+ update the corresponding ACEs as well.
+ */
+ ace = acl->entries;
+ for (i = 0; i < acl->count; i++) {
+ switch (ace->tag) {
+ case POSIX_ACL_USER_OBJ:
+ ace->perm = (ctx->perm & S_IRWXU) >> 6;
+ break;
+ case POSIX_ACL_USER:
+ case POSIX_ACL_GROUP:
+ break;
+ case POSIX_ACL_GROUP_OBJ:
+ group_ce = ace;
+ break;
+ case POSIX_ACL_MASK:
+ mask_ce = ace;
+ break;
+ case POSIX_ACL_OTHER:
+ ace->perm = (ctx->perm & S_IRWXO);
+ break;
+ }
+ ace++;
+ }
+
+ if (mask_ce)
+ mask_ce->perm = (ctx->perm & S_IRWXG) >> 3;
+ else if (group_ce)
+ group_ce->perm = (ctx->perm & S_IRWXG) >> 3;
+ else
+ ret = -1;
}
+unlock:
UNLOCK(&inode->lock);
out:
return ret;
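Review bot: The new loop rewrites `ace->perm` in place on `ctx->acl_access` while holding only `inode->lock`, yet the ACL objects in this file are reference-counted (`posix_acl_ref`/`posix_acl_unref`). If the same `struct posix_acl` can be referenced from another context, or by a reader that took a reference and iterates `acl->entries` without this lock, that reader can see a half-updated permission set. That sharing cannot be confirmed from the hunk, so either document the locking assumption next to the loop or update a private copy and swap the pointer. When `ret = -1` is reached, the USER_OBJ and OTHER entries have already been overwritten, so the failure leaves the ACL partially updated. The `switch` has no `default`; adding `default: break;` makes the handling of unknown tags explicit. The comment's parenthesis opened at `(for e.g.` is never closed.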
@@ -1394,6 +1459,11 @@ posix_acl_link (call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, dic
goto red;
}
+ if (!sticky_permits (frame, new->parent, new->inode)) {
+ op_errno = EACCES;
+ goto red;
+ }
+
STACK_WIND (frame, posix_acl_link_cbk,
FIRST_CHILD(this), FIRST_CHILD(this)->fops->link,
old, new, xdata);
@@ -1517,12 +1587,16 @@ posix_acl_readdirp (call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size,
off_t offset, dict_t *dict)
{
int ret = 0;
+ dict_t *alloc_dict = NULL;
if (acl_permits (frame, fd->inode, POSIX_ACL_READ))
goto green;
else
goto red;
green:
+ if (!dict)
+ dict = alloc_dict = dict_new ();
+
if (dict) {
ret = dict_set_int8 (dict, POSIX_ACL_ACCESS_XATTR, 0);
if (ret)
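Review bot: A failed `dict_new ()` is not reported: `dict` stays NULL, the following `if (dict)` is skipped, and the request is wound without the ACL xattr keys. A low-memory condition therefore silently changes what the readdirp reply carries. At minimum log it, e.g. `if (!dict) gf_log (this->name, GF_LOG_WARNING, "dict_new failed, ACL xattrs not requested");`, or unwind with `ENOMEM`. The matching `dict_unref (alloc_dict)` is added only after `STACK_WIND` in the next hunk. The handling after `if (ret)` is outside this hunk, so any exit there that skips the wind must also release `alloc_dict`.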
@@ -1541,6 +1615,8 @@ green:
FIRST_CHILD(this), FIRST_CHILD(this)->fops->readdirp,
fd, size, offset, dict);
+ if (alloc_dict)
+ dict_unref (alloc_dict);
return 0;
red:
STACK_UNWIND_STRICT (readdirp, frame, -1, EACCES, NULL, NULL);
@@ -1995,7 +2071,7 @@ posix_acl_forget (xlator_t *this, inode_t *inode)
if (ctx->acl_default)
posix_acl_unref (this, ctx->acl_default);
- FREE (ctx);
+ GF_FREE (ctx);
out:
return 0;
}
@@ -2023,7 +2099,7 @@ init (xlator_t *this)
struct posix_acl *minacl = NULL;
struct posix_ace *minace = NULL;
- conf = CALLOC (1, sizeof (*conf));
+ conf = GF_CALLOC (1, sizeof (*conf), gf_posix_acl_mt_conf_t);
if (!conf) {
gf_log (this->name, GF_LOG_ERROR,
"out of memory");
@@ -2088,8 +2164,11 @@ struct xlator_fops fops = {
#if FD_MODE_CHECK_IS_IMPLEMENTED
.readv = posix_acl_readv,
.writev = posix_acl_writev,
-#endif
.ftruncate = posix_acl_ftruncate,
+ .fsetattr = posix_acl_fsetattr,
+ .fsetxattr = posix_acl_fsetxattr,
+ .fgetxattr = posix_acl_fgetxattr,
+#endif
.access = posix_acl_access,
.truncate = posix_acl_truncate,
.mkdir = posix_acl_mkdir,
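Review bot: Moving `#endif` below `.fgetxattr` places `.ftruncate`, `.fsetattr`, `.fsetxattr` and `.fgetxattr` inside `#if FD_MODE_CHECK_IS_IMPLEMENTED`, and the next hunk removes the last three from the unconditional list. When that macro is not set, this translator no longer registers handlers for those fd-based operations. Assuming unset entries fall back to a pass-through default, the checks and ACL-context updates done by the path-based `setattr`/`setxattr`/`getxattr` handlers would not apply to their fd-based counterparts. If that is intended, say so at the `#if`, e.g. `/* fd-based fops rely on the open-time permission check; see <reference> */`. Otherwise keep `.fsetattr` and `.fsetxattr` registered unconditionally.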
@@ -2104,11 +2183,8 @@ struct xlator_fops fops = {
.readdir = posix_acl_readdir,
.readdirp = posix_acl_readdirp,
.setattr = posix_acl_setattr,
- .fsetattr = posix_acl_fsetattr,
.setxattr = posix_acl_setxattr,
- .fsetxattr = posix_acl_fsetxattr,
.getxattr = posix_acl_getxattr,
- .fgetxattr = posix_acl_fgetxattr,
.removexattr = posix_acl_removexattr,
};
diff --git a/xlators/system/posix-acl/src/posix-acl.h b/xlators/system/posix-acl/src/posix-acl.h
index 0c2b647aa..c5e01967a 100644
--- a/xlators/system/posix-acl/src/posix-acl.h
+++ b/xlators/system/posix-acl/src/posix-acl.h
@@ -11,57 +11,10 @@
#ifndef _POSIX_ACL_H
#define _POSIX_ACL_H
-#include <stdint.h>
-
#include "xlator.h"
#include "common-utils.h"
#include "byte-order.h"
-
-
-#define POSIX_ACL_READ (0x04)
-#define POSIX_ACL_WRITE (0x02)
-#define POSIX_ACL_EXECUTE (0x01)
-
-#define POSIX_ACL_UNDEFINED_TAG (0x00)
-#define POSIX_ACL_USER_OBJ (0x01)
-#define POSIX_ACL_USER (0x02)
-#define POSIX_ACL_GROUP_OBJ (0x04)
-#define POSIX_ACL_GROUP (0x08)
-#define POSIX_ACL_MASK (0x10)
-#define POSIX_ACL_OTHER (0x20)
-
-#define POSIX_ACL_UNDEFINED_ID ((id_t)-1)
-
-
-struct posix_ace {
- uint16_t tag;
- uint16_t perm;
- uint32_t id;
-};
-
-
-struct posix_acl {
- int refcnt;
- int count;
- struct posix_ace entries[0];
-};
-
-
-struct posix_acl_ctx {
- uid_t uid;
- gid_t gid;
- mode_t perm;
- struct posix_acl *acl_access;
- struct posix_acl *acl_default;
-};
-
-
-struct posix_acl_conf {
- gf_lock_t acl_lock;
- uid_t super_uid;
- struct posix_acl *minimal_acl;
-};
-
+#include "glusterfs-acl.h"
struct posix_acl *posix_acl_new (xlator_t *this, int entry_count);
struct posix_acl *posix_acl_ref (xlator_t *this, struct posix_acl *acl);