| author | Anand Avati <avati@gluster.com> | 2011-07-08 11:35:49 +0000 | 
|---|---|---|
| committer | Anand Avati <avati@gluster.com> | 2011-07-08 10:24:21 -0700 | 
| commit | 1b01b648944b8a55e09105cafdb9e28021e78574 (patch) | |
| tree | 894eef5b66e693a356dfbc55dde3db7672fd8bef /xlators | |
| parent | 8236cf1775f5db918a951773628b35080fed1de1 (diff) | |
posix-acl: perform access checks on read/write/truncate for NFS calls v3.2.2qa3
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/system/posix-acl/src/posix-acl.c | 111 | 
1 files changed, 108 insertions, 3 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c index 8e6a750b34b..a712ab7ebe5 100644 --- a/xlators/system/posix-acl/src/posix-acl.c +++ b/xlators/system/posix-acl/src/posix-acl.c @@ -772,7 +772,7 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)          int  is_fuse_call = 0;          is_fuse_call = __is_fuse_call (frame); -         +          if (mask & R_OK)                  perm |= POSIX_ACL_READ;          if (mask & W_OK) @@ -802,7 +802,7 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)                          if (acl_permits (frame, loc->inode, POSIX_ACL_READ))                                  mode |= POSIX_ACL_READ;                  } -                 +                  if (perm & POSIX_ACL_WRITE) {                          if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE))                                  mode |= POSIX_ACL_WRITE; @@ -814,7 +814,6 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)                  }          } -                  unwind:          if (is_fuse_call)                  STACK_UNWIND_STRICT (access, frame, op_ret, op_errno); 
@@ -898,6 +897,109 @@ red:  } +int +posix_acl_readv_cbk (call_frame_t *frame, void *cookie, xlator_t *this, +                     int op_ret, int op_errno, struct iovec *vector, +                     int count, struct iatt *stbuf, struct iobref *iobref) +{ +        STACK_UNWIND_STRICT (readv, frame, op_ret, op_errno, vector, count, +                             stbuf, iobref); +        return 0; +} + + +int +posix_acl_readv (call_frame_t *frame, xlator_t *this, fd_t *fd, +                 size_t size, off_t offset) +{ +        if (__is_fuse_call (frame)) +                goto green; + +        if (acl_permits (frame, fd->inode, POSIX_ACL_READ)) +                goto green; +        else +                goto red; + +green: +        STACK_WIND (frame, posix_acl_readv_cbk, +                    FIRST_CHILD(this), FIRST_CHILD(this)->fops->readv, +                    fd, size, offset); +        return 0; +red: +        STACK_UNWIND_STRICT (readv, frame, -1, EACCES, NULL, 0, NULL, NULL); +        return 0; +} + + +int +posix_acl_writev_cbk (call_frame_t *frame, void *cookie, xlator_t *this, +                      int op_ret, int op_errno, +                      struct iatt *prebuf, struct iatt *postbuf) +{ +        STACK_UNWIND_STRICT (writev, frame, op_ret, op_errno, +                             prebuf, postbuf); +        return 0; +} + + +int +posix_acl_writev (call_frame_t *frame, xlator_t *this, fd_t *fd, +                  struct iovec *vector, int count, off_t offset, +                  struct iobref *iobref) +{ +        if (__is_fuse_call (frame)) +                goto green; + +        if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE)) +                goto green; +        else +                goto red; + +green: +        STACK_WIND (frame, posix_acl_writev_cbk, +                    FIRST_CHILD(this), FIRST_CHILD(this)->fops->writev, +                    fd, vector, count, offset, iobref); +        return 0; +red: +        STACK_UNWIND_STRICT (writev, frame, 
-1, EACCES, NULL, NULL); +        return 0; +} + + + +int +posix_acl_ftruncate_cbk (call_frame_t *frame, void *cookie, xlator_t *this, +                         int op_ret, int op_errno, +                         struct iatt *prebuf, struct iatt *postbuf) +{ +        STACK_UNWIND_STRICT (ftruncate, frame, op_ret, op_errno, +                             prebuf, postbuf); +        return 0; +} + + +int +posix_acl_ftruncate (call_frame_t *frame, xlator_t *this, fd_t *fd, +                     off_t offset) +{ +        if (__is_fuse_call (frame)) +                goto green; + +        if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE)) +                goto green; +        else +                goto red; + +green: +        STACK_WIND (frame, posix_acl_ftruncate_cbk, +                    FIRST_CHILD(this), FIRST_CHILD(this)->fops->ftruncate, +                    fd, offset); +        return 0; +red: +        STACK_UNWIND_STRICT (ftruncate, frame, -1, EACCES, NULL, NULL); +        return 0; +} +  int  posix_acl_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, @@ -1802,6 +1904,9 @@ fini (xlator_t *this)  struct xlator_fops fops = {          .lookup           = posix_acl_lookup,          .open             = posix_acl_open, +        .readv            = posix_acl_readv, +        .writev           = posix_acl_writev, +        .ftruncate        = posix_acl_ftruncate,          .access           = posix_acl_access,          .truncate         = posix_acl_truncate,          .mkdir            = posix_acl_mkdir,  | 
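Review bot: In `posix_acl_readv`, `posix_acl_writev` and `posix_acl_ftruncate`, the line `if (__is_fuse_call (frame)) goto green;` skips `acl_permits` entirely, and nothing in the hunk says why that is safe. Enforcement for all three fops therefore rests on how `__is_fuse_call`, defined outside this diff, classifies the caller. If the reasoning is that FUSE requests were already permission-checked at open time, record it above the first function, e.g. `/* FUSE: kernel already enforced permissions at open(); NFS has no open, so check the ACL on every call */`, and confirm that the classification does not depend on a value the client can choose. Because the check now runs on every I/O against `fd->inode` rather than once at open, it presumably also denies an owner writing to a file it has just created with a read-only mode, which NFS servers conventionally allow; unless `acl_permits` (not visible here) already covers that, it should be decided explicitly. As a smaller point, the `if … goto green; else goto red;` pair in each function reads more directly as `if (!acl_permits (frame, fd->inode, POSIX_ACL_READ)) goto red;` (with `POSIX_ACL_WRITE` in the other two), falling through to `green:`.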
