authorAnand Avati <avati@gluster.com>2011-07-08 11:35:49 +0000
committerAnand Avati <avati@gluster.com>2011-07-08 10:24:21 -0700
commit1b01b648944b8a55e09105cafdb9e28021e78574 (patch)
tree894eef5b66e693a356dfbc55dde3db7672fd8bef
parent8236cf1775f5db918a951773628b35080fed1de1 (diff)
posix-acl: perform access checks on read/write/truncate for NFS callsv3.2.2qa3
Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
-rw-r--r--xlators/system/posix-acl/src/posix-acl.c111
1 files changed, 108 insertions, 3 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 8e6a750b34b..a712ab7ebe5 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -772,7 +772,7 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
int is_fuse_call = 0;
is_fuse_call = __is_fuse_call (frame);
-
+
if (mask & R_OK)
perm |= POSIX_ACL_READ;
if (mask & W_OK)
@@ -802,7 +802,7 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
if (acl_permits (frame, loc->inode, POSIX_ACL_READ))
mode |= POSIX_ACL_READ;
}
-
+
if (perm & POSIX_ACL_WRITE) {
if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE))
mode |= POSIX_ACL_WRITE;
@@ -814,7 +814,6 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
}
}
-
unwind:
if (is_fuse_call)
STACK_UNWIND_STRICT (access, frame, op_ret, op_errno);
@@ -898,6 +897,109 @@ red:
}
+int
+posix_acl_readv_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
+ int op_ret, int op_errno, struct iovec *vector,
+ int count, struct iatt *stbuf, struct iobref *iobref)
+{
+ STACK_UNWIND_STRICT (readv, frame, op_ret, op_errno, vector, count,
+ stbuf, iobref);
+ return 0;
+}
+
+
+int
+posix_acl_readv (call_frame_t *frame, xlator_t *this, fd_t *fd,
+ size_t size, off_t offset)
+{
+ if (__is_fuse_call (frame))
+ goto green;
+
+ if (acl_permits (frame, fd->inode, POSIX_ACL_READ))
+ goto green;
+ else
+ goto red;
+
+green:
+ STACK_WIND (frame, posix_acl_readv_cbk,
+ FIRST_CHILD(this), FIRST_CHILD(this)->fops->readv,
+ fd, size, offset);
+ return 0;
+red:
+ STACK_UNWIND_STRICT (readv, frame, -1, EACCES, NULL, 0, NULL, NULL);
+ return 0;
+}
+
+
+int
+posix_acl_writev_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
+ int op_ret, int op_errno,
+ struct iatt *prebuf, struct iatt *postbuf)
+{
+ STACK_UNWIND_STRICT (writev, frame, op_ret, op_errno,
+ prebuf, postbuf);
+ return 0;
+}
+
+
+int
+posix_acl_writev (call_frame_t *frame, xlator_t *this, fd_t *fd,
+ struct iovec *vector, int count, off_t offset,
+ struct iobref *iobref)
+{
+ if (__is_fuse_call (frame))
+ goto green;
+
+ if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE))
+ goto green;
+ else
+ goto red;
+
+green:
+ STACK_WIND (frame, posix_acl_writev_cbk,
+ FIRST_CHILD(this), FIRST_CHILD(this)->fops->writev,
+ fd, vector, count, offset, iobref);
+ return 0;
+red:
+ STACK_UNWIND_STRICT (writev, frame, -1, EACCES, NULL, NULL);
+ return 0;
+}
+
+
+
+int
+posix_acl_ftruncate_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
+ int op_ret, int op_errno,
+ struct iatt *prebuf, struct iatt *postbuf)
+{
+ STACK_UNWIND_STRICT (ftruncate, frame, op_ret, op_errno,
+ prebuf, postbuf);
+ return 0;
+}
+
+
+int
+posix_acl_ftruncate (call_frame_t *frame, xlator_t *this, fd_t *fd,
+ off_t offset)
+{
+ if (__is_fuse_call (frame))
+ goto green;
+
+ if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE))
+ goto green;
+ else
+ goto red;
+
+green:
+ STACK_WIND (frame, posix_acl_ftruncate_cbk,
+ FIRST_CHILD(this), FIRST_CHILD(this)->fops->ftruncate,
+ fd, offset);
+ return 0;
+red:
+ STACK_UNWIND_STRICT (ftruncate, frame, -1, EACCES, NULL, NULL);
+ return 0;
+}
+
int
posix_acl_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
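Review bot: The three new fd-based handlers (posix_acl_readv, posix_acl_writev, posix_acl_ftruncate) re-evaluate `acl_permits (frame, fd->inode, ...)` on every call and consult nothing recorded on the fd at open time, so for non-FUSE callers the decision tracks the inode's current ACL, not the access granted when the fd was opened. acl_permits is defined outside this hunk, so I cannot tell whether it lets a file's owner through; if it does not, an owner who creates a file with a read-only mode and then writes to it over NFS would presumably get EACCES here, which is worth confirming with a test. The `__is_fuse_call (frame)` shortcut is a trust decision and deserves a comment in each handler, for example `/* FUSE callers are not re-checked here; only non-FUSE (NFS) requests get a per-I/O ACL check */`. Since the three bodies differ only in the permission bit and the wound fop, the allow/deny decision could live in one small static helper so the bypass rule is stated and audited in a single place.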
@@ -1802,6 +1904,9 @@ fini (xlator_t *this)
struct xlator_fops fops = {
.lookup = posix_acl_lookup,
.open = posix_acl_open,
+ .readv = posix_acl_readv,
+ .writev = posix_acl_writev,
+ .ftruncate = posix_acl_ftruncate,
.access = posix_acl_access,
.truncate = posix_acl_truncate,
.mkdir = posix_acl_mkdir,