| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on linux systems, with open(), we can get below flag as per
'linux/fs.h'.
/* File is opened for execution with sys_execve / sys_uselib */
Instead of adding '#include <linux/fs.h>, its better to copy this
absolute number into other variable because then we have to deal
with declaring fmode_t etc etc..
With the fix, we can handle the file with '0711' permissions in
the same way as backend linux filesystems.
Change-Id: Ib1097fc0d2502af89c92d561eb4123cba15713f5
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Reviewed-on: http://review.gluster.com/3739
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
See comments in http://bugzilla.redhat.com/839925 for
the code to perform this change.
Signed-off-by: Jim Meyering <meyering@redhat.com>
BUG: 839925
Change-Id: I10e4ecff16c3749fe17c2831c516737e08a3205a
Reviewed-on: http://review.gluster.com/3661
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Send acl xattrs, if present in the xattrs returned during lookup, during
directory self-heal.
Change-Id: I5337bbd3f3963aeed500a8a552e5f6713089b53e
BUG: 764787
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.com/737
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
with this change, the xlator APIs will have a dictionary as extra
argument, which is passed between all the layers. This can be
utilized for overloading in some of the operations.
Change-Id: I58a8186b3ef647650280e63f3e5e9b9de7827b40
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 782265
Reviewed-on: http://review.gluster.com/2960
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
unref. the acl pointers from posix_acl_get()
Change-Id: I1247f64ceded17bfa204d1b899ec56a27bef0cdb
Signed-off-by: Brian Foster <bfoster@redhat.com>
BUG: 801183
Reviewed-on: http://review.gluster.com/2904
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an entry includes no ACL returned via dictionary, it is possible
to skip down to acl_set without updating acl_access and/or
acl_default. If either are set from the previous iteration, the
unrelated ACLs are set to the current entry. Use a single set of
pointers to ensure that valid ACLs are always set.
Change-Id: Ia94887ded91845bc39d4d5e95ef00d190681e517
BUG: 801183
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-on: http://review.gluster.com/2903
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
needed to implement a proper handling of open flag alterations
using fcntl() on fd.
Change-Id: Ic280d5db6f1dc0418d5c439abb8db1d3ac21ced0
Signed-off-by: Amar Tumballi <amar@gluster.com>
BUG: 782265
Reviewed-on: http://review.gluster.com/2723
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
readdirp_req() call sends a dict_t * as an argument, which
contains all the xattr keys for which the entries got in
readdirp_rsp() are having xattr value filled dictionary.
Change-Id: I8b7e1290740ea3e884e67d19156ce849227167c0
Signed-off-by: Amar Tumballi <amar@gluster.com>
BUG: 765785
Reviewed-on: http://review.gluster.com/771
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FUSE used to interpret the umask itself. That was a bad idea, since
there are cases where umask is not applied, such as when extended POSIX
ACLs are present and default ACLs are set on parent directory.
The FUSE bridge was changed to send original mode with umask (alongside
masked mode, for compatibility). If that is the case, we decide whether
to apply the umask or not in the posix-acl translator depending on
whether a default umask is set, or not.
The original, broken, behavior is preserved in following cases:
* Unpatched client (not sending umask with original mode)
* Unpatched server (not understanding umask with original mode)
* Old FUSE on client side (FUSE < 7.12 or linux < 2.6.31)
(can not find out the umask and original mode)
Change-Id: I2e3bfc4c7c9611bc51119ca5c8e28f6582677516
Signed-off-by: Lubomir Rintel <lubo.rintel@gooddata.com>
Tested-by: Lubomir Rintel <lubo.rintel@gooddata.com>
BUG: 765508
Reviewed-on: http://review.gluster.com/668
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: shishir gowda <shishirng@gluster.com>
Change-Id: I6cd3a9c3a513cc2a998b82610613bbfa0622eec4
BUG: 767862
Reviewed-on: http://review.gluster.com/811
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amar@gluster.com>
|
| |
|
|
|
|
|
|
|
|
| |
with this patch, there are no more warnings with gcc (GCC) 4.6.1 20110908
Change-Id: Ice0d52d304b9846395f8a4a191c98eb53125f792
BUG: 2550
Reviewed-on: http://review.gluster.com/607
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In configurations with a uid mapper, super user ID could be mapped
to a non-zero value. Hence making it configurable in access control
would be necessary for proper super-user semantics.
Change-Id: I51e8e0395680e9b96a99657a0af547659bd9affe
BUG: 2815
Reviewed-on: http://review.gluster.com/332
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While inheriting the ACLs from a directory that has default ACLs, make sure
that the mode flags set by the application are saved. It is required to
inherit only the Read, Write and Execute permissions while leaving the others
viz. setuid, setgid and sticky bit untouched hence honouring the requests made
by the application during create operations (mknod, mkdir et al).
For a description of the problem, root cause and evaluation, refer:
http://bugs.gluster.com/show_bug.cgi?id=3522
Change-Id: I994077fb321a35d8254f0cc5a7de99a17ec40c47
BUG: 3522
Reviewed-on: http://review.gluster.com/368
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes ~200 such warnings, but leaves three categories untouched.
(1) Rpcgen code.
(2) Macros which set variables in the outer (calling function) scope.
(3) Variables which are set via function calls which may have side effects.
Change-Id: I6554555f78ed26134251504b038da7e94adacbcd
BUG: 2550
Reviewed-on: http://review.gluster.com/371
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If write calls are coming in through an fd with O_RDWR or O_WRONLY
flag then a permission check is unnecessary. However writes from
NFS ideally need a "stateless" check in each call and this results
in a permission failure due to the read-only mode (disregarding the
FD's writeability).
For now it is acceptable to disable write checks as almost always
the NFS client would already be doing such basic access control.
Also because the previous access-control translator (prior to
posix ACL introduction) too was permitting writes and reads
unconditionally.
In fact the Linux KNFS server too assumes the NFS client would have
done the permission check.
Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba
BUG: 3388
Reviewed-on: http://review.gluster.com/208
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
| |
Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f
BUG: 3348
Reviewed-on: http://review.gluster.com/182
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
|
| |
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The permission check is same as that of posix. We break the requests
into single checks, aggregate all the valid modes and return in reply.
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>
BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The backend permissions returned in stat for group is already masked
value. Use the xattr value
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>
BUG: 3102 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3102 (Read calls go ahead even when the group has no permissions)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>
BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
|
| |
|
|
|
|
|
| |
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
|
|
|
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
|
