| author | Rajesh Amaravathi <rajesh@redhat.com> | 2012-02-29 15:16:53 +0530 | 
|---|---|---|
| committer | Vijay Bellur <vijay@gluster.com> | 2012-03-05 09:17:47 -0800 | 
| commit | 6756245b1514374712136c8dc1f4ac2a19a6da21 (patch) | |
| tree | f2620650880325ac3d0b280c349372cd50d3382d /xlators | |
| parent | 33b9f156e6b6137e33bd9becfe640166986ecc55 (diff) | |
fops/removexattr: prevent users from removing glusterfs xattrs
* Each xlator prevents the user from removing xlator-specific
  xattrs like trusted.gfid by handling it in respective removexattr
  functions.
* For xlators which did not define removexattr and fremovexattr,
  the functions have been implemented with appropriate checks.
xlator         |     fops-added
_______________|__________________________
               |
1. stripe      |     removexattr and fremovexattr
2. quota       |     removexattr and fremovexattr
Change-Id: I98e22109717978134378bc75b2eca83fefb2abba
BUG: 783525
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/2836
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/cluster/afr/src/afr-inode-write.c | 33 | ||||
| -rw-r--r-- | xlators/cluster/afr/src/pump.c | 14 | ||||
| -rw-r--r-- | xlators/cluster/dht/src/dht-common.c | 12 | ||||
| -rw-r--r-- | xlators/cluster/stripe/src/stripe.c | 128 | ||||
| -rw-r--r-- | xlators/features/quota/src/quota.c | 115 | ||||
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-geo-rep.c | 2 | ||||
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handler.c | 2 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 6 | ||||
| -rw-r--r-- | xlators/protocol/client/src/client.c | 2 | 
9 files changed, 245 insertions, 69 deletions
diff --git a/xlators/cluster/afr/src/afr-inode-write.c b/xlators/cluster/afr/src/afr-inode-write.c index 3dc1a418624..1d25949db71 100644 --- a/xlators/cluster/afr/src/afr-inode-write.c +++ b/xlators/cluster/afr/src/afr-inode-write.c @@ -1474,9 +1474,7 @@ afr_setxattr (call_frame_t *frame, xlator_t *this,          int             ret               = -1;          int             op_errno          = EINVAL; -        VALIDATE_OR_GOTO (frame, out);          VALIDATE_OR_GOTO (this, out); -        VALIDATE_OR_GOTO (this->private, out);          GF_IF_INTERNAL_XATTR_GOTO ("trusted.afr.*", dict,                                     trav, op_errno, out); @@ -1484,6 +1482,9 @@ afr_setxattr (call_frame_t *frame, xlator_t *this,          GF_IF_INTERNAL_XATTR_GOTO ("trusted.glusterfs.afr.*", dict,                                     trav, op_errno, out); +        VALIDATE_OR_GOTO (frame, out); +        VALIDATE_OR_GOTO (this->private, out); +          priv = this->private;          QUORUM_CHECK(setxattr,out); 
@@ -1844,14 +1845,21 @@ int  afr_removexattr (call_frame_t *frame, xlator_t *this,                   loc_t *loc, const char *name)  { -        afr_private_t * priv  = NULL; -        afr_local_t   * local = NULL; -        call_frame_t   *transaction_frame = NULL; -        int ret = -1; -        int op_errno = 0; +        afr_private_t   *priv              = NULL; +        afr_local_t     *local             = NULL; +        call_frame_t    *transaction_frame = NULL; +        int              ret               = -1; +        int              op_errno          = 0; -        VALIDATE_OR_GOTO (frame, out);          VALIDATE_OR_GOTO (this, out); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.afr.*", +                                 name, op_errno, out); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.glusterfs.afr.*", +                                 name, op_errno, out); + +        VALIDATE_OR_GOTO (frame, out);          VALIDATE_OR_GOTO (this->private, out);          VALIDATE_OR_GOTO (loc, out); @@ -2027,8 +2035,15 @@ afr_fremovexattr (call_frame_t *frame, xlator_t *this,          int op_ret   = -1;          int op_errno = 0; -        VALIDATE_OR_GOTO (frame, out);          VALIDATE_OR_GOTO (this, out); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.afr.*", +                                 name, op_errno, out); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.glusterfs.afr.*", +                                 name, op_errno, out); + +        VALIDATE_OR_GOTO (frame, out);          VALIDATE_OR_GOTO (this->private, out);          priv = this->private; diff --git a/xlators/cluster/afr/src/pump.c b/xlators/cluster/afr/src/pump.c index e795c38e096..9c6f9a52aee 100644 --- a/xlators/cluster/afr/src/pump.c +++ b/xlators/cluster/afr/src/pump.c 
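Review bot: In afr_removexattr and afr_fremovexattr the new `GF_IF_NATIVE_XATTR_GOTO` checks run while `op_errno` is still 0, so the rejection path reports a meaningful error only if the macro assigns `op_errno` on every exit it takes. The macro is defined outside this diff (the diffstat is limited to xlators), so confirm that it sets `op_errno` both for a matching name and for a missing one; otherwise initialise it as afr_setxattr does, `int op_errno = EINVAL;`. Both function bodies continue past their hunks, so how `out:` uses the value is not visible here. A one-line comment above the checks, such as `/* AFR-internal xattrs must not be removable by clients */`, would also record why they now precede the `frame` validation.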
@@ -2165,7 +2165,15 @@ pump_removexattr (call_frame_t *frame,                    loc_t *loc,                    const char *name)  { -        afr_private_t *priv  = NULL; +        afr_private_t *priv     = NULL; +        int            op_errno = -1; + +        VALIDATE_OR_GOTO (this, out); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.glusterfs.pump*", +                                 name, op_errno, out); + +        op_errno = 0;  	priv = this->private;          if (!priv->use_afr_in_pump) {                  STACK_WIND (frame, @@ -2177,6 +2185,10 @@ pump_removexattr (call_frame_t *frame,                  return 0;          }          afr_removexattr (frame, this, loc, name); + + out: +        if (op_errno) +                AFR_STACK_UNWIND (removexattr, frame, -1, op_errno);          return 0;  } diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c index 0d0df320d72..d76abdd5965 100644 --- a/xlators/cluster/dht/src/dht-common.c +++ b/xlators/cluster/dht/src/dht-common.c @@ -2385,8 +2385,12 @@ dht_removexattr (call_frame_t *frame, xlator_t *this,          int i; -        VALIDATE_OR_GOTO (frame, err);          VALIDATE_OR_GOTO (this, err); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.glusterfs.dht*", +                                 key, op_errno, err); + +        VALIDATE_OR_GOTO (frame, err);          VALIDATE_OR_GOTO (loc, err);          VALIDATE_OR_GOTO (loc->inode, err);          VALIDATE_OR_GOTO (loc->path, err); @@ -2444,9 +2448,13 @@ dht_fremovexattr (call_frame_t *frame, xlator_t *this,          int i; -        VALIDATE_OR_GOTO (frame, err);          VALIDATE_OR_GOTO (this, err); +        GF_IF_NATIVE_XATTR_GOTO ("trusted.glusterfs.dht*", +                                 key, op_errno, err); + +        VALIDATE_OR_GOTO (frame, err); +          local = dht_local_init (frame, NULL, fd, GF_FOP_FREMOVEXATTR);          if (!local) {                  op_errno = ENOMEM; 
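Review bot: pump_removexattr initialises `op_errno` to `-1` and unwinds with it at `out:` whenever it is non-zero, so a failed `VALIDATE_OR_GOTO (this, out)` or any macro exit that leaves `op_errno` untouched hands `-1` to the caller as an errno value. Starting from `int op_errno = EINVAL;` keeps that path meaningful. The success path now depends on the added `op_errno = 0;` and on falling through from `afr_removexattr (...)` into `out:`; an explicit `return 0;` directly after the `afr_removexattr` call would make the label error-only. The patterns `trusted.glusterfs.pump*` here and `trusted.glusterfs.dht*` in the dht hunks have no dot before the wildcard while the AFR guards use `trusted.afr.*`, so a comment naming the keys each pattern is meant to cover would help a reader judge whether the match is too wide.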
diff --git a/xlators/cluster/stripe/src/stripe.c b/xlators/cluster/stripe/src/stripe.c index 227af8c9e33..5b1610724d4 100644 --- a/xlators/cluster/stripe/src/stripe.c +++ b/xlators/cluster/stripe/src/stripe.c 
@@ -4042,10 +4042,76 @@ stripe_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd,          return 0;  } +int +stripe_removexattr_cbk (call_frame_t *frame, void *cookie, +                        xlator_t *this, int32_t op_ret, int32_t op_errno) +{ +        STRIPE_STACK_UNWIND (removexattr, frame, op_ret, op_errno); +        return 0; +} + +int +stripe_removexattr (call_frame_t *frame, xlator_t *this, +                    loc_t *loc, const char *name) +{ +        int32_t         op_errno = EINVAL; + +        VALIDATE_OR_GOTO (this, err); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.*stripe*", +                                 name, op_errno, err); + +        VALIDATE_OR_GOTO (frame, err); +        VALIDATE_OR_GOTO (loc, err); + +        STACK_WIND (frame, stripe_removexattr_cbk, +                    FIRST_CHILD(this), +                    FIRST_CHILD(this)->fops->removexattr, +                    loc, name); +        return 0; +err: +        STRIPE_STACK_UNWIND (removexattr, frame, -1,  op_errno); +        return 0; +} + + +int +stripe_fremovexattr_cbk (call_frame_t *frame, void *cookie, +                         xlator_t *this, int32_t op_ret, int32_t op_errno) +{ +        STRIPE_STACK_UNWIND (fremovexattr, frame, op_ret, op_errno); +        return 0; +} + +int +stripe_fremovexattr (call_frame_t *frame, xlator_t *this, +                     fd_t *fd, const char *name) +{ +        int32_t         op_ret   = -1; +        int32_t         op_errno = EINVAL; + +        VALIDATE_OR_GOTO (frame, err); +        VALIDATE_OR_GOTO (this, err); +        VALIDATE_OR_GOTO (fd, err); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.*stripe*", +                                 name, op_errno, err); + +        STACK_WIND (frame, stripe_fremovexattr_cbk, +                    FIRST_CHILD(this), +                    FIRST_CHILD(this)->fops->fremovexattr, +                    fd, name); +        return 0; + err: +        STRIPE_STACK_UNWIND (fremovexattr, frame, op_ret, op_errno); +  
      return 0; +} +  int32_t -stripe_readdirp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this, -                      int op_ret, int op_errno, inode_t *inode, -                      struct iatt *stbuf, dict_t *xattr, struct iatt *parent) +stripe_readdirp_lookup_cbk (call_frame_t *frame, void *cookie, +                            xlator_t *this, int op_ret, int op_errno, +                            inode_t *inode, struct iatt *stbuf, +                            dict_t *xattr, struct iatt *parent)  {          stripe_local_t          *local          = NULL;          call_frame_t            *main_frame     = NULL; 
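Review bot: The guard pattern `trusted.*stripe*` in stripe_removexattr and stripe_fremovexattr is much wider than the prefix patterns used by the other translators in this commit. Assuming the macro (defined outside this diff) does glob matching, it refuses removal of any trusted attribute whose name merely contains "stripe". A comment listing the stripe keys it must cover would show whether a tighter pattern is possible. The two functions also order their checks differently: stripe_removexattr validates `this`, runs the xattr guard, then validates `frame` and `loc`, while stripe_fremovexattr validates `frame`, `this` and `fd` before the guard; using one order in both would make the pair easier to audit. In both, a failed `VALIDATE_OR_GOTO (frame, err)` jumps to an `err:` label that passes the same `frame` to `STRIPE_STACK_UNWIND`, so it is worth confirming that the unwind macro tolerates a NULL frame.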
@@ -4961,33 +5027,35 @@ out:  }  struct xlator_fops fops = { -        .stat        = stripe_stat, -        .unlink      = stripe_unlink, -        .rename      = stripe_rename, -        .link        = stripe_link, -        .truncate    = stripe_truncate, -        .create      = stripe_create, -        .open        = stripe_open, -        .readv       = stripe_readv, -        .writev      = stripe_writev, -        .statfs      = stripe_statfs, -        .flush       = stripe_flush, -        .fsync       = stripe_fsync, -        .ftruncate   = stripe_ftruncate, -        .fstat       = stripe_fstat, -        .mkdir       = stripe_mkdir, -        .rmdir       = stripe_rmdir, -        .lk          = stripe_lk, -        .opendir     = stripe_opendir, -        .fsyncdir    = stripe_fsyncdir, -        .setattr     = stripe_setattr, -        .fsetattr    = stripe_fsetattr, -        .lookup      = stripe_lookup, -        .mknod       = stripe_mknod, -        .setxattr    = stripe_setxattr, -        .fsetxattr   = stripe_fsetxattr, -        .getxattr    = stripe_getxattr, -        .readdirp    = stripe_readdirp, +        .stat           = stripe_stat, +        .unlink         = stripe_unlink, +        .rename         = stripe_rename, +        .link           = stripe_link, +        .truncate       = stripe_truncate, +        .create         = stripe_create, +        .open           = stripe_open, +        .readv          = stripe_readv, +        .writev         = stripe_writev, +        .statfs         = stripe_statfs, +        .flush          = stripe_flush, +        .fsync          = stripe_fsync, +        .ftruncate      = stripe_ftruncate, +        .fstat          = stripe_fstat, +        .mkdir          = stripe_mkdir, +        .rmdir          = stripe_rmdir, +        .lk             = stripe_lk, +        .opendir        = stripe_opendir, +        .fsyncdir       = stripe_fsyncdir, +        .setattr        = stripe_setattr, +        .fsetattr       = stripe_fsetattr, +     
   .lookup         = stripe_lookup, +        .mknod          = stripe_mknod, +        .setxattr       = stripe_setxattr, +        .fsetxattr      = stripe_fsetxattr, +        .getxattr       = stripe_getxattr, +        .removexattr    = stripe_removexattr, +        .fremovexattr   = stripe_fremovexattr, +        .readdirp       = stripe_readdirp,  };  struct xlator_cbks cbks = { diff --git a/xlators/features/quota/src/quota.c b/xlators/features/quota/src/quota.c index d819ea7845c..844a0981dd8 100644 --- a/xlators/features/quota/src/quota.c +++ b/xlators/features/quota/src/quota.c 
@@ -2721,6 +2721,71 @@ quota_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd,  } +int +quota_removexattr_cbk (call_frame_t *frame, void *cookie, +                       xlator_t *this, int32_t op_ret, int32_t op_errno) +{ +        QUOTA_STACK_UNWIND (removexattr, frame, op_ret, op_errno); +        return 0; +} + +int +quota_removexattr (call_frame_t *frame, xlator_t *this, +                   loc_t *loc, const char *name) +{ +        int32_t         op_errno = EINVAL; + +        VALIDATE_OR_GOTO (this, err); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.quota*", +                                 name, op_errno, err); + +        VALIDATE_OR_GOTO (frame, err); +        VALIDATE_OR_GOTO (loc, err); + +        STACK_WIND (frame, quota_removexattr_cbk, +                    FIRST_CHILD(this), +                    FIRST_CHILD(this)->fops->removexattr, +                    loc, name); +        return 0; +err: +        QUOTA_STACK_UNWIND (removexattr, frame, -1,  op_errno); +        return 0; +} + + +int +quota_fremovexattr_cbk (call_frame_t *frame, void *cookie, +                        xlator_t *this, int32_t op_ret, int32_t op_errno) +{ +        QUOTA_STACK_UNWIND (fremovexattr, frame, op_ret, op_errno); +        return 0; +} + +int +quota_fremovexattr (call_frame_t *frame, xlator_t *this, +                    fd_t *fd, const char *name) +{ +        int32_t         op_ret   = -1; +        int32_t         op_errno = EINVAL; + +        VALIDATE_OR_GOTO (frame, err); +        VALIDATE_OR_GOTO (this, err); +        VALIDATE_OR_GOTO (fd, err); + +        GF_IF_NATIVE_XATTR_GOTO ("trusted.quota*", +                                 name, op_errno, err); + +        STACK_WIND (frame, quota_fremovexattr_cbk, +                    FIRST_CHILD(this), +                    FIRST_CHILD(this)->fops->fremovexattr, +                    fd, name); +        return 0; + err: +        QUOTA_STACK_UNWIND (fremovexattr, frame, op_ret, op_errno); +        return 0; +} +  int32_t  
quota_statfs_cbk (call_frame_t *frame, void *cookie, xlator_t *this,                    int32_t op_ret, int32_t op_errno, struct statvfs *buf) 
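Review bot: The guard pattern `trusted.quota*` in quota_removexattr and quota_fremovexattr matches only names that begin with `trusted.quota`, whereas the pump and dht guards in this commit protect keys under the `trusted.glusterfs.` prefix. If the quota translator keeps its accounting keys under `trusted.glusterfs.quota`, which should be checked against the key definitions in the quota header (not part of this diff), the guard would not match them and those attributes would remain removable. In that case the pattern should read `trusted.glusterfs.quota*` in both functions. A regression test that attempts to remove one of the real quota keys through a mount and expects the call to fail would pin the intended behaviour.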
@@ -3054,30 +3119,32 @@ fini (xlator_t *this)  struct xlator_fops fops = { -	.statfs    = quota_statfs, -        .lookup    = quota_lookup, -        .writev    = quota_writev, -        .create    = quota_create, -        .mkdir     = quota_mkdir, -        .truncate  = quota_truncate, -        .ftruncate = quota_ftruncate, -        .unlink    = quota_unlink, -        .symlink   = quota_symlink, -        .link      = quota_link, -        .rename    = quota_rename, -        .getxattr  = quota_getxattr, -        .fgetxattr = quota_fgetxattr, -        .stat      = quota_stat, -        .fstat     = quota_fstat, -        .readlink  = quota_readlink, -        .readv     = quota_readv, -        .fsync     = quota_fsync, -        .setattr   = quota_setattr, -        .fsetattr  = quota_fsetattr, -        .mknod     = quota_mknod, -        .setxattr  = quota_setxattr, -        .fsetxattr = quota_fsetxattr, -        .readdirp  = quota_readdirp, +        .statfs       = quota_statfs, +        .lookup       = quota_lookup, +        .writev       = quota_writev, +        .create       = quota_create, +        .mkdir        = quota_mkdir, +        .truncate     = quota_truncate, +        .ftruncate    = quota_ftruncate, +        .unlink       = quota_unlink, +        .symlink      = quota_symlink, +        .link         = quota_link, +        .rename       = quota_rename, +        .getxattr     = quota_getxattr, +        .fgetxattr    = quota_fgetxattr, +        .stat         = quota_stat, +        .fstat        = quota_fstat, +        .readlink     = quota_readlink, +        .readv        = quota_readv, +        .fsync        = quota_fsync, +        .setattr      = quota_setattr, +        .fsetattr     = quota_fsetattr, +        .mknod        = quota_mknod, +        .setxattr     = quota_setxattr, +        .fsetxattr    = quota_fsetxattr, +        .removexattr  = quota_removexattr, +        .fremovexattr = quota_fremovexattr, +        .readdirp     = quota_readdirp,  };  struct 
xlator_cbks cbks = { diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c index 3a62899f8b3..5e12e19961f 100644 --- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c +++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c @@ -804,7 +804,7 @@ glusterd_store_slave_in_info (glusterd_volinfo_t *volinfo, char *slave,                   * assert an uuid mismatch                   */                  t = strtail (slaveentry, host_uuid); -                GF_ASSERT (!t || *t != ':') +                GF_ASSERT (!t || *t != ':');                  gf_log ("", GF_LOG_ERROR, GEOREP" has already been invoked for "                                            "the %s (master) and %s (slave) " diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c index b87c2cd8ec9..f446d2b58c5 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handler.c +++ b/xlators/mgmt/glusterd/src/glusterd-handler.c @@ -2135,7 +2135,7 @@ glusterd_friend_add (const char *hoststr, int port,          gf_boolean_t            handover = _gf_false;          conf = THIS->private; -        GF_ASSERT (conf) +        GF_ASSERT (conf);          GF_ASSERT (hoststr);          peerctx = GF_CALLOC (1, sizeof (*peerctx), gf_gld_mt_peerctx_t); diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index b5059878845..3f3962cbc66 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -3009,6 +3009,12 @@ fuse_removexattr (xlator_t *this, fuse_in_header_t *finh, void *msg)          int32_t       ret = -1;          char *newkey = NULL; +        if (!strcmp (GFID_XATTR_KEY, name)) { +                send_fuse_err (this, finh, EPERM); +                GF_FREE (finh); +                return; +        } +          priv = this->private;          GET_STATE (this, finh, state); 
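Review bot: The new check in fuse_removexattr compares the raw `name` with `GFID_XATTR_KEY` before anything else runs, and the `newkey` variable in the context suggests the name may be rewritten later in the function. If that rewriting can map a different caller-supplied name onto the GFID key, the exact `strcmp` would not catch it, and the comparison would belong after the translation, against `newkey`. The function continues beyond the hunk, so this needs checking against the full body. The early return also calls `GF_FREE (finh)` directly; confirm that this matches how the other exit paths of the function release `finh`, so the header is neither leaked nor freed twice.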
diff --git a/xlators/protocol/client/src/client.c b/xlators/protocol/client/src/client.c index 8fadc040010..19c8a62ee86 100644 --- a/xlators/protocol/client/src/client.c +++ b/xlators/protocol/client/src/client.c @@ -45,7 +45,7 @@ int client_mark_fd_bad (xlator_t *this);  int32_t  client_type_to_gf_type (short l_type)  { -        int32_t  gf_type; +        int32_t  gf_type = GF_LK_EOL;          switch (l_type) {          case F_RDLCK:  | 
