From 7f89cff0cdc63c4b6734bd2e3c56ee0e70957813 Mon Sep 17 00:00:00 2001
From: Kinglong Mee
Date: Tue, 7 Aug 2018 09:30:37 +0800
Subject: posix-acl: skip acl_permits check when the owner setting GF_POSIX_ACL_xxxx
Change-Id: Iaeea470d040587027f37e0760ae27c4fc205a189
fixes: bz#1613098
Signed-off-by: Kinglong Mee
---
tests/basic/gfapi/bug1613098.c | 95 ++++++++++++++++++++++++++++++++
tests/basic/gfapi/bug1613098.t | 22 ++++++++
xlators/system/posix-acl/src/posix-acl.c | 19 ++++---
3 files changed, 127 insertions(+), 9 deletions(-)
create mode 100644 tests/basic/gfapi/bug1613098.c
create mode 100755 tests/basic/gfapi/bug1613098.t
diff --git a/tests/basic/gfapi/bug1613098.c b/tests/basic/gfapi/bug1613098.c
new file mode 100644
index 00000000000..cdb69fdedfa
--- /dev/null
+++ b/tests/basic/gfapi/bug1613098.c
@@ -0,0 +1,95 @@
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#define ACL_TYPE_ACCESS (0x8000)
+
+#define VALIDATE_AND_GOTO_LABEL_ON_ERROR(func, ret, label) do { \
+ if (ret < 0) { \
+ fprintf (stderr, "%s : returned error %d (%s)\n", \
+ func, ret, strerror (errno)); \
+ goto label; \
+ } \
+ } while (0)
+
+int
+main (int argc, char *argv[])
+{
+ int ret = -1;
+ int flags = O_RDWR|O_SYNC;
+ glfs_t *fs = NULL;
+ glfs_fd_t *fd = NULL;
+ char *volname = NULL;
+ char *logfile = NULL;
+ const char *filename = "file_tmp";
+ struct glfs_object *object = NULL;
+ acl_t acl = NULL;
+ struct stat sb;
+
+ if (argc != 3) {
+ fprintf (stderr, "Invalid argument\n");
+ return 1;
+ }
+
+ volname = argv[1];
+ logfile = argv[2];
+
+ fs = glfs_new (volname);
+ if (!fs)
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_new", ret, out);
+
+ ret = glfs_set_volfile_server (fs, "tcp", "localhost", 24007);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_set_volfile_server", ret, out);
+
+ ret = glfs_set_logging (fs, logfile, 7);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_set_logging", ret, out);
+
+ ret = glfs_init (fs);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_init", ret, out);
+
+ fd = glfs_creat(fs, filename, flags, 0044);
+ if (fd == NULL) {
+ ret = -1;
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_creat", ret, out);
+ }
+ glfs_close(fd);
+
+ object = glfs_h_lookupat(fs, NULL, filename, NULL, 0);
+ if (object == NULL) {
+ ret = -1;
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_lookupat", ret, out);
+ }
+
+ ret = glfs_chown(fs, filename, 99, 99);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_chown", ret, out);
+
+ ret = glfs_setfsuid(99);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_setfsuid", ret, out);
+
+ ret = glfs_setfsgid(99);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_setfsgid", ret, out);
+
+ acl = glfs_h_acl_get(fs, object, ACL_TYPE_ACCESS);
+ if (acl == NULL) {
+ ret = -1;
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_get", ret, out);
+ }
+
+ ret = glfs_h_acl_set(fs, object, 
ACL_TYPE_ACCESS, acl);
+ VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_get", ret, out);
+out:
+ glfs_setfsuid(0);
+ glfs_setfsgid(0);
+
+ if (object)
+ glfs_h_close(object);
+
+ if (fs)
+ glfs_fini(fs);
+
+ return ret;
+}
diff --git a/tests/basic/gfapi/bug1613098.t b/tests/basic/gfapi/bug1613098.t
new file mode 100755
index 00000000000..e4acc2b76bf
--- /dev/null
+++ b/tests/basic/gfapi/bug1613098.t
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+
+TEST glusterd
+
+TEST $CLI volume create $V0 ${H0}:$B0/brick1;
+EXPECT 'Created' volinfo_field $V0 'Status';
+
+TEST $CLI volume start $V0;
+EXPECT 'Started' volinfo_field $V0 'Status';
+
+logdir=`gluster --print-logdir`
+
+build_tester $(dirname $0)/bug1613098.c -lgfapi
+
+TEST ./$(dirname $0)/bug1613098 $V0 $logdir/bug1613098.log
+
+cleanup_tester $(dirname $0)/bug1613098
+
+cleanup;
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index ccede3b1e8b..dd01d3e0f38 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -2010,13 +2010,10 @@ setxattr_scrutiny (call_frame_t *frame, inode_t *inode, dict_t *xattr) if (!ctx) return EIO; - if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR)) { - found = 1; - if (!frame_is_user (frame, ctx->uid)) - return EPERM; - } - - if (dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) { + if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get (xattr, POSIX_ACL_DEFAULT_XATTR) || + dict_get (xattr, GF_POSIX_ACL_ACCESS) || + dict_get (xattr, GF_POSIX_ACL_DEFAULT)) { found = 1; if (!frame_is_user (frame, ctx->uid)) return EPERM; 
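Review bot: The new test in bug1613098.c covers only the owner succeeding, so it would still pass if the ownership check in setxattr_scrutiny were removed; a second `glfs_h_acl_set` call made under a uid that neither owns the file nor is root, asserting that it fails with EPERM, would pin the access rule this commit changes. The macro call after `glfs_h_acl_set` repeats the previous label and would report the wrong function on failure; it should be `VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_set", ret, out);`. The `acl` obtained from `glfs_h_acl_get` is not released on the `out:` path (`acl_free (acl)` looks like the matching call, to be confirmed against the gfapi contract), and `struct stat sb` is never used.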
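Review bot: The merged four-key condition in setxattr_scrutiny has no comment stating the rule it now enforces, namely that ownership rather than write permission gates both the POSIX_ACL_*_XATTR and the GF_POSIX_ACL_* keys; a line such as `/* ACL keys (native and GF_POSIX_ACL_*) may only be set by the owner; found = 1 bypasses the write-permission check */` above the `if` would make that explicit. The code that consumes `found` lies outside this hunk, so the following is inferred from the commit subject: if the skipped acl_permits check covers the whole dict, an owner without write permission can also set any unrelated key carried in the same request. That was already the case for the two native keys, but it is worth confirming that extending it to the GF_POSIX_ACL_* keys is intended.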
@@ -2176,7 +2173,9 @@ posix_acl_setxattr (call_frame_t *frame, xlator_t *this, loc_t *loc, if (op_errno != 0) goto red; - posix_acl_setxattr_update (this, loc->inode, xattr); + if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) + posix_acl_setxattr_update (this, loc->inode, xattr); /* * inode is required in call back function to update the context @@ -2214,7 +2213,9 @@ posix_acl_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd, if (op_errno != 0) goto red; - posix_acl_setxattr_update (this, fd->inode, xattr); + if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) + posix_acl_setxattr_update (this, fd->inode, xattr); STACK_WIND (frame, posix_acl_fsetxattr_cbk, FIRST_CHILD(this), FIRST_CHILD(this)->fops->fsetxattr, -- cgit
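Review bot: In posix_acl_setxattr the cached-ACL update is now skipped when the request carries only GF_POSIX_ACL_ACCESS or GF_POSIX_ACL_DEFAULT, although setxattr_scrutiny in the same commit treats those keys as ACL changes; unless the inode context is refreshed elsewhere (the context comment mentions the callback, which is outside the hunk), later permission checks could be made against a stale ACL, so a comment saying where the refresh happens for those keys would help. The same applies to the posix_acl_fsetxattr hunk. The guard is a two-line condition with an unbraced body in both places; bracing it as `if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) { ... }` avoids a later edit silently falling outside the condition, and since the predicate is repeated in both functions a small static helper would keep the key list in one place. Both function bodies start and end outside their hunks.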