diff options
| author | Pranith K <pranithk@gluster.com> | 2011-01-24 01:49:23 +0000 |
|---|---|---|
| committer | Anand V. Avati <avati@dev.gluster.com> | 2011-01-26 23:42:21 -0800 |
| commit | 40cdb88962cff1d32cd46cb089ad8bcd9be3d62d (patch) | |
| tree | 44690b776d266e1253a9d84f714e6d72013713fd | |
| parent | 945ac04532d5efeeef324be485dcf2bade41708e (diff) | |
features/access-control: skip access-tests if the call is from fuse
Fuse cant send aux gids. So access-control checks treat
non-primary-group membership of user as "other". So skip
access-control checks if the call is from fuse. We added a hack to
treat all calls with pid set to 1 as calls from nfs. So for calls with pid
not 1 we skip the access-control checks on all fops.
Signed-off-by: Pranith Kumar K <pranithk@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 2296 (svn / subversion fails on gluster volume (replicated and non-replicated))
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2296
| -rw-r--r-- | libglusterfs/src/stack.c | 11 | ||||
| -rw-r--r-- | libglusterfs/src/stack.h | 3 | ||||
| -rw-r--r-- | xlators/features/access-control/src/access-control.c | 76 | ||||
| -rw-r--r-- | xlators/nfs/server/src/nfs-fops.c | 1 |
4 files changed, 90 insertions, 1 deletions
diff --git a/libglusterfs/src/stack.c b/libglusterfs/src/stack.c index b2659c57fe3..53c21f7c625 100644 --- a/libglusterfs/src/stack.c +++ b/libglusterfs/src/stack.c @@ -163,3 +163,14 @@ gf_proc_dump_pending_frames (call_pool_t *call_pool) UNLOCK (&(call_pool->lock)); } +gf_boolean_t +__is_fuse_call (call_frame_t *frame) +{ + gf_boolean_t is_fuse_call = _gf_false; + GF_ASSERT (frame); + GF_ASSERT (frame->root); + + if (NFS_PID != frame->root->pid) + is_fuse_call = _gf_true; + return is_fuse_call; +} diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h index b06470bf5fc..f06267c3848 100644 --- a/libglusterfs/src/stack.h +++ b/libglusterfs/src/stack.h @@ -45,6 +45,7 @@ typedef struct _call_pool_t call_pool_t; #include "common-utils.h" #include "globals.h" +#define NFS_PID 1 typedef int32_t (*ret_fn_t) (call_frame_t *frame, call_frame_t *prev_frame, xlator_t *this, @@ -363,4 +364,6 @@ create_frame (xlator_t *xl, call_pool_t *pool) void gf_proc_dump_pending_frames(call_pool_t *call_pool); +gf_boolean_t +__is_fuse_call (call_frame_t *frame); #endif /* _STACK_H */ diff --git a/xlators/features/access-control/src/access-control.c b/xlators/features/access-control/src/access-control.c index 802d7cf6f7f..7b5689dace6 100644 --- a/xlators/features/access-control/src/access-control.c +++ b/xlators/features/access-control/src/access-control.c @@ -52,7 +52,6 @@ __get_frame_stub (call_frame_t *fr) return st; } - int ac_test_owner_access (struct iatt *ia, uid_t uid, int accesstest) { @@ -372,6 +371,10 @@ ac_truncate (call_frame_t *frame, xlator_t *this, loc_t *loc, off_t offset) call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ac_truncate_resume (frame, this, loc, offset); + return 0; + } stub = fop_truncate_stub (frame, ac_truncate_resume, loc, offset); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -459,6 +462,10 @@ ac_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t mask) call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ac_access_resume (frame, this, loc, mask); + return 0; + } stub = fop_access_stub (frame, ac_access_resume, loc, mask); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -524,6 +531,10 @@ ac_readlink (call_frame_t *frame, xlator_t *this, loc_t *loc, size_t size) call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ac_readlink_resume (frame, this, loc, size); + return 0; + } stub = fop_readlink_stub (frame, ac_readlink_resume, loc, size); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -594,6 +605,10 @@ ac_mknod (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_mknod_resume (frame, this, loc, mode, rdev, params); + return 0; + } stub = fop_mknod_stub (frame, ac_mknod_resume, loc, mode, rdev, params); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -679,6 +694,10 @@ ac_mkdir (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_mkdir_resume (frame, this, loc, mode, params); + return 0; + } stub = fop_mkdir_stub (frame, ac_mkdir_resume, loc, mode, params); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -757,6 +776,10 @@ ac_unlink (call_frame_t *frame, xlator_t *this, loc_t *loc) int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_unlink_resume (frame, this, loc); + return 0; + } stub = fop_unlink_stub (frame, ac_unlink_resume, loc); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -834,6 +857,10 @@ ac_rmdir (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags) int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_rmdir_resume (frame, this, loc, flags); + return 0; + } stub = fop_rmdir_stub (frame, ac_rmdir_resume, loc, flags); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -914,6 +941,10 @@ ac_symlink (call_frame_t *frame, xlator_t *this, const char *linkname, int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_symlink_resume (frame, this, linkname, loc, params); + return 0; + } stub = fop_symlink_stub (frame, ac_symlink_resume, linkname, loc, params); if (!stub) { @@ -1040,6 +1071,10 @@ ac_rename (call_frame_t *frame, xlator_t *this, loc_t *oldloc, loc_t *newloc) int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_rename_resume (frame, this, oldloc, newloc); + return 0; + } stub = fop_rename_stub (frame, ac_rename_resume, oldloc, newloc); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1125,6 +1160,10 @@ ac_link (call_frame_t *frame, xlator_t *this, loc_t *oldloc, loc_t *newloc) int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_link_resume (frame, this, oldloc, newloc); + return 0; + } stub = fop_link_stub (frame, ac_link_resume, oldloc, newloc); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1207,6 +1246,10 @@ ac_create (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t flags, int ret = -EFAULT; loc_t parentloc = {0, }; + if (__is_fuse_call (frame)) { + ac_create_resume (frame, this, loc, flags, mode, fd, params); + return 0; + } stub = fop_create_stub (frame, ac_create_resume, loc, flags, mode, fd, params); if (!stub) { @@ -1366,6 +1409,11 @@ ac_open (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t flags, call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_open_resume (frame, this, loc, flags, fd, wbflags); + return 0; + } + stub = fop_open_stub (frame, ac_open_resume, loc, flags, fd, wbflags); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1443,6 +1491,11 @@ ac_readv (call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_readv_resume (frame, this, fd, size, offset); + return 0; + } + stub = fop_readv_stub (frame, ac_readv_resume, fd, size, offset); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1514,6 +1567,12 @@ ac_writev (call_frame_t *frame, xlator_t *this, fd_t *fd, struct iovec *vector, call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_writev_resume (frame, this, fd, vector, count, + offset, iobref); + return 0; + } + stub = fop_writev_stub (frame, ac_writev_resume, fd, vector, count, offset, iobref); if (!stub) { @@ -1578,6 +1637,11 @@ ac_opendir (call_frame_t *frame, xlator_t *this, loc_t *loc, fd_t *fd) call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_opendir_resume (frame, this, loc, fd); + return 0; + } + stub = fop_opendir_stub (frame, ac_opendir_resume, loc, fd); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1683,6 +1747,11 @@ ac_setattr (call_frame_t *frame, xlator_t *this, loc_t *loc, struct iatt *buf, call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_setattr_resume (frame, this, loc, buf, valid); + return 0; + } + stub = fop_setattr_stub (frame, ac_setattr_resume, loc, buf, valid); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " @@ -1789,6 +1858,11 @@ ac_fsetattr (call_frame_t *frame, xlator_t *this, fd_t *fd, struct iatt *buf, call_stub_t *stub = NULL; int ret = -EFAULT; + if (__is_fuse_call (frame)) { + ret = ac_fsetattr_resume (frame, this, fd, buf, valid); + return 0; + } + stub = fop_fsetattr_stub (frame, ac_fsetattr_resume, fd, buf, valid); if (!stub) { gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: " diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c index cf74708f886..068d08cf3b5 100644 --- a/xlators/nfs/server/src/nfs-fops.c +++ b/xlators/nfs/server/src/nfs-fops.c @@ -122,6 +122,7 @@ nfs_create_frame (xlator_t *xl, nfs_user_t *nfu) frame = create_frame (xl, (call_pool_t *)xl->ctx->pool); if (!frame) goto err; + frame->root->pid = NFS_PID; frame->root->uid = nfu->uid; frame->root->gid = nfu->gids[NFS_PRIMGID_IDX]; if (nfu->ngrps == 1) |