From 36cedb338ec1d021e189379f30100f0d983e3e01 Mon Sep 17 00:00:00 2001 From: Rajesh Amaravathi Date: Tue, 6 Dec 2011 11:35:33 +0530 Subject: core/setxattr: prevent users from setting glusterfs xattrs * Each xlator prevents the user from setting glusterfs-internal xattrs like trusted.gfid by handling it in respective setxattr functions. The speacial case of trusted.gfid is handled in fuse (Not in posix because posix_setxattr is used to set gfid). * For xlators which did not define setxattr and/or fsetxattr, the functions have been implemented with appropriate checks. xlator | fops-added _______________|__________________________ | 1. afr | fsetxattr 2. stripe | setxatrr and fsetxattr 3. quota | setxattr and fsetxattr Change-Id: Ib62abb7067415b23a708002f884d30e8866fbf48 BUG: 765487 Signed-off-by: Rajesh Amaravathi Reviewed-on: http://review.gluster.com/685 Tested-by: Gluster Build System Reviewed-by: Amar Tumballi --- libglusterfs/src/common-utils.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'libglusterfs') diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h index 6045cd3efe0..4e7f981b3fe 100644 --- a/libglusterfs/src/common-utils.h +++ b/libglusterfs/src/common-utils.h @@ -176,6 +176,25 @@ extern char *gf_mgmt_list[GF_MGMT_MAXVALUE]; } while (0); \ +#define GF_IF_INTERNAL_XATTR_GOTO(pattern, dict, trav, op_errno, label) \ + do{ \ + if (!dict) { \ + gf_log (THIS->name, GF_LOG_ERROR, \ + "setxattr dict is null"); \ + goto label; \ + } \ + trav = dict->members_list; \ + while (trav) { \ + if (!fnmatch (pattern, trav->key, 0)) { \ + gf_log (THIS->name, GF_LOG_ERROR, \ + "attempt to set internal" \ + " xattr: %s", trav->key); \ + op_errno = EPERM; \ + goto label; \ + } \ + trav = trav->next; \ + } \ + } while(0); \ #define GF_FILE_CONTENT_REQUESTED(_xattr_req,_content_limit) \ (dict_get_uint64 (_xattr_req, "glusterfs.content", _content_limit) == 0) -- cgit