glusterfs.git/xlators/system, branch v3.7.3 access_control : avoid double unrefing of acl variable in its context. 2015-07-12T13:40:52+00:00 Jiffin Tony Thottan jthottan@redhat.com 2015-07-11T10:17:18+00:00 8bb1a1c0cbfeabaf74bf18f7ddc0245733fb57cd In handling_other_acl_related_xattr(), acl variable is unrefered twice after updating the context of access_control translator.So the acl variable stored in the inmemory context will become invalid one. When the variable accessed again , it will result in brick crash. This patch fixes the same. Backport of http://review.gluster.org/#/c/11632/ >Change-Id: Ib95d2e3d67b0fb20d201244a206379d6261aeb23 >BUG: 1242041 >Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Change-Id: I5dc69d8ea8f3e4740a90a52cabf86e317950a659 BUG: 1242044 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Reviewed-on: http://review.gluster.org/11634 Tested-by: Gluster Build System <jenkins@build.gluster.com> Tested-by: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
In handling_other_acl_related_xattr(), acl variable is unrefered twice
after updating the context of access_control translator.So the acl variable
stored in the inmemory context will become invalid one. When the variable
accessed again , it will result in brick crash. This patch fixes the same.

Backport of http://review.gluster.org/#/c/11632/

>Change-Id: Ib95d2e3d67b0fb20d201244a206379d6261aeb23
>BUG: 1242041
>Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>

Change-Id: I5dc69d8ea8f3e4740a90a52cabf86e317950a659
BUG: 1242044
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
Reviewed-on: http://review.gluster.org/11634
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
access-control : validating context of access control translator 2015-07-03T11:39:11+00:00 Jiffin Tony Thottan jthottan@redhat.com 2015-06-09T18:38:39+00:00 4df4c2092478a9813b6bb4b4ee00ed8f4ca2fea0 By introduction of new acl conversion from http://review.gluster.org/#/c/9627/, an acl can be set using GF_POSIX_ACL_*_KEY xattrs without notifying the access-control translator. So evenif an acl is set correctly at the backend, it might not work properly because access-control holds wrong acl information in its context about that file. Note : This is a simple workaround. The actual solution consists of three steps: 1.) Use new acl api's for acl conversion. 2.) Move the acl conversion part from access-control translator 3.) Introduces standard acl structures and libaries in access-translator for caching, enforcing purposes. Backport of http://review.gluster.org/#/c/11144/ >Change-Id: Iacb6b323810ebe82f7f171f20be16429463cbcf0 >BUG: 1229860 >Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> >Reviewed-on: http://review.gluster.org/11144 >Reviewed-by: Niels de Vos <ndevos@redhat.com> >Tested-by: Gluster Build System <jenkins@build.gluster.com> >Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> >cherry-picked from 81cb71e9317e380b1d414038223c72643b35e664 Change-Id: I935f28704a2d401df8224f5042bf7b38177a8a0f BUG: 1230327 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Reviewed-on: http://review.gluster.org/11519 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
By introduction of new acl conversion from http://review.gluster.org/#/c/9627/,
an acl can be set using GF_POSIX_ACL_*_KEY xattrs without notifying the
access-control translator. So evenif an acl is set correctly at the backend, it
might not work properly because access-control holds wrong acl information in
its context about that file.

Note : This is a simple workaround. The actual solution consists of three steps:
1.) Use new acl api's for acl conversion.
2.) Move the acl conversion part from access-control translator
3.) Introduces standard acl structures and libaries in access-translator
for caching, enforcing purposes.

Backport of http://review.gluster.org/#/c/11144/

>Change-Id: Iacb6b323810ebe82f7f171f20be16429463cbcf0
>BUG: 1229860
>Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
>Reviewed-on: http://review.gluster.org/11144
>Reviewed-by: Niels de Vos <ndevos@redhat.com>
>Tested-by: Gluster Build System <jenkins@build.gluster.com>
>Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
>cherry-picked from 81cb71e9317e380b1d414038223c72643b35e664

Change-Id: I935f28704a2d401df8224f5042bf7b38177a8a0f
BUG: 1230327
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
Reviewed-on: http://review.gluster.org/11519
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
build: Remove files completely in make uninstall. 2015-01-01T11:10:29+00:00 Raghavendra Talur rtalur@redhat.com 2014-12-30T11:46:57+00:00 c8263975862afa9e5afc603bf2d05ab93087bcc4 If we create symlinks are part of make install, should remove them as part of make uninstall. Change-Id: Ie6e641caed60104cd256de4f020c1c6743d4ae60 BUG: 1177767 Signed-off-by: Raghavendra Talur <rtalur@redhat.com> Reviewed-on: http://review.gluster.org/9367 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
If we create symlinks are part of make install,
should remove them as part of make uninstall.

Change-Id: Ie6e641caed60104cd256de4f020c1c6743d4ae60
BUG: 1177767
Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
Reviewed-on: http://review.gluster.org/9367
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
gNFS: Allow reading ACLs even without read permissions on the file. 2014-11-13T19:58:00+00:00 Meghana Madhusudhan mmadhusu@redhat.com 2014-11-10T09:50:51+00:00 878b30420891c8b00043391cdce90930eaf18795 When root-squash is enabled or when no permissions are given to a file, NFS threw permission errors. According to the kernel-nfs behaviour, no permissions are required to read ACLs. When no ACLs are set, the system call sys_lgetxattr fails and returns a ENODATA error. This translates to ESERVERFAULT error in NFS. Fuse makes an exception to this error and returns a success case. Similar changes are made here to achieve the expected behaviour. Change-Id: I46b8f5911114eb087a3f8ca4e921b6b41e83f3b3 BUG: 1161092 Signed-off-by: Meghana Madhusudhan <mmadhusu@redhat.com> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/9085 Tested-by: Gluster Build System <jenkins@build.gluster.com> 
When root-squash is enabled or when no permissions are given to
a file, NFS threw permission errors. According to the kernel-nfs
behaviour, no permissions are required to read ACLs.

When no ACLs are set, the system call sys_lgetxattr fails and
returns a ENODATA error. This translates to ESERVERFAULT error
in NFS. Fuse makes an exception to this error and returns a success
case. Similar changes are made here to achieve the expected behaviour.

Change-Id: I46b8f5911114eb087a3f8ca4e921b6b41e83f3b3
BUG: 1161092
Signed-off-by: Meghana Madhusudhan <mmadhusu@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9085
Tested-by: Gluster Build System <jenkins@build.gluster.com>
gNFS: allow truncate() from SETATTR over NFS for owner 2014-10-02T07:24:36+00:00 Niels de Vos ndevos@redhat.com 2014-09-29T18:03:58+00:00 f2131b8c79641c1bf9e20657757bcc9a62a0625a NFSv3 does not have a TRUNCATE procedure, instead it is part of the SETATTR (change the 'size' attribute). SETATTR with a new 'size' succeeds on other NFS-servers, even when the owner of the file does not have write permissions. Make Gluster/NFS behave the same way, by checking if the RPC/pid comes from the NFS-server, and allow truncate() when the file is owned by the user calling SETATTR. BUG: 955753 Change-Id: I4b7cb8efe5a2032c6cd2eef6af610032f76d8b39 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8889 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: soumya k <skoduri@redhat.com> 
NFSv3 does not have a TRUNCATE procedure, instead it is part of the
SETATTR (change the 'size' attribute). SETATTR with a new 'size'
succeeds on other NFS-servers, even when the owner of the file does not
have write permissions. Make Gluster/NFS behave the same way, by
checking if the RPC/pid comes from the NFS-server, and allow truncate()
when the file is owned by the user calling SETATTR.

BUG: 955753
Change-Id: I4b7cb8efe5a2032c6cd2eef6af610032f76d8b39
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8889
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: soumya k <skoduri@redhat.com>
gNFS: Inconsistent behaviour of setfacl/getfacl 2013-12-03T23:22:03+00:00 Santosh Kumar Pradhan spradhan@redhat.com 2013-11-27T10:20:21+00:00 e4b9a74f46bca3894d686ce87042168c4304f07b The permissions returned by NFS ACL are wrong, which are rejected by NFS client as "Invalid argument". Refactor the NFS ACL code to return the proper permissions which would match with the requested permissions. Change-Id: I409a6600538a90f2c5c2e8d84657c3b508468fe6 BUG: 1035218 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/6368 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
The permissions returned by NFS ACL are wrong, which are rejected
by NFS client as "Invalid argument". Refactor the NFS ACL code
to return the proper permissions which would match with the
requested permissions.

Change-Id: I409a6600538a90f2c5c2e8d84657c3b508468fe6
BUG: 1035218
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/6368
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
posix-acl: Fix crash resulting from GF_FREE() done on a CALLOC'd object 2013-11-28T16:46:33+00:00 Krutika Dhananjay kdhananj@redhat.com 2013-11-28T11:17:09+00:00 72d3dde33bd12f4aea96d59097bef5df45672610 The object in question was created in posix_acl_inherit () and was being GF_FREE'd as part of data_destroy(). Change-Id: Ibdb7c3b5c10ce447f061bde68452502e5170de92 BUG: 1035751 Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com> Reviewed-on: http://review.gluster.org/6377 Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
The object in question was created in posix_acl_inherit () and
was being GF_FREE'd as part of data_destroy().

Change-Id: Ibdb7c3b5c10ce447f061bde68452502e5170de92
BUG: 1035751
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/6377
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
gNFS: Incorrect NFS ACL encoding for XFS 2013-09-29T23:54:37+00:00 Santosh Kumar Pradhan spradhan@redhat.com 2013-09-19T06:31:38+00:00 e9554f7792d893f0ea8afe368829f9944ef52bdf Problem: Incorrect NFS ACL encoding causes "system.posix_acl_default" setxattr failure on bricks on XFS file system. XFS (potentially others?) doesn't understand when the 0x10 prefix is added to the ACL type field for default ACLs (which the Linux NFS client adds) which causes setfacl()->setxattr() to fail silently. NFS client adds NFS_ACL_DEFAULT(0x1000) for default ACL. FIX: Mask the prefix (added by NFS client) OFF, so the setfacl is not rejected when it hits the FS. Original patch by: "Richard Wareing" Change-Id: I17ad27d84f030cdea8396eb667ee031f0d41b396 BUG: 1009210 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/5980 Reviewed-by: Amar Tumballi <amarts@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
Problem:
Incorrect NFS ACL encoding causes "system.posix_acl_default"
setxattr failure on bricks on XFS file system. XFS (potentially
others?) doesn't understand when the 0x10 prefix is added to the
ACL type field for default ACLs (which the Linux NFS client adds)
which causes setfacl()->setxattr() to fail silently. NFS client
adds NFS_ACL_DEFAULT(0x1000) for default ACL.

FIX:
Mask the prefix (added by NFS client) OFF, so the setfacl is not
rejected when it hits the FS.

Original patch by: "Richard Wareing"

Change-Id: I17ad27d84f030cdea8396eb667ee031f0d41b396
BUG: 1009210
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/5980
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
posix-acl: fixup extended ACL entries properly 2013-09-25T07:31:04+00:00 Anand Avati avati@redhat.com 2013-09-15T22:00:06+00:00 8737b4697ad555a1e49ef87b5d439bfb74d8b5b5 Typically when updating cached ACL from backend, we get both iatt and ACL xattrs (like lookup, readdirplus etc.) However in calls like setattr(), the mode would have updated but we receive only iatt and not the ACL xattrs. In such case we need to "spread" the effects of the changed mode properly into the cached ACL xattr ourselves. Change-Id: I23a7bc9c14722ff6848e175ed4bbe863a21ce2c9 BUG: 998967 Signed-off-by: Anand Avati <avati@redhat.com> Reviewed-on: http://review.gluster.org/5979 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> 
Typically when updating cached ACL from backend, we get both iatt and
ACL xattrs (like lookup, readdirplus etc.) However in calls like
setattr(), the mode would have updated but we receive only iatt and not
the ACL xattrs. In such case we need to "spread" the effects of the
changed mode properly into the cached ACL xattr ourselves.

Change-Id: I23a7bc9c14722ff6848e175ed4bbe863a21ce2c9
BUG: 998967
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/5979
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
system/posix-acl: check for the sticky bit of the parent directory 2013-06-03T23:11:12+00:00 Raghavendra Bhat raghavendra@redhat.com 2013-05-02T07:26:46+00:00 3f5e575a0744488b4a1719c3e61864c3abc9ac22 * While creating links, check if there is sticky bit set for the parent directory and whether the sticky bit permits the user to create the link. Change-Id: Ic0d09d9ed579c4eb47462c71602a3a60cc7d3bc1 BUG: 958691 Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com> Reviewed-on: http://review.gluster.org/4934 Reviewed-by: Amar Tumballi <amarts@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
* While creating links, check if there is sticky bit set for the parent
  directory and whether the sticky bit permits the user to create the link.

Change-Id: Ic0d09d9ed579c4eb47462c71602a3a60cc7d3bc1
BUG: 958691
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
Reviewed-on: http://review.gluster.org/4934
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>