From e78fb59b75a455127c004dd751ebcc4af1b14124 Mon Sep 17 00:00:00 2001
From: Shehjar Tikoo <shehjart@gluster.com>
Date: Wed, 7 Apr 2010 07:25:39 +0000
Subject: nfs3: Allow all access to superuser except execute at all times

During building glusterfs from source, the make phase fails because the
access test by super user actually returns the access test bits using
only the user, group and other, without accounting for the special
status of super-user.

This results in a permission denied for the super-user.

Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>

BUG: 807 (GlusterFS compilation fails on NFS Client)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=807
---
 xlators/nfs/server/src/nfs3-helpers.c | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

(limited to 'xlators/nfs/server/src/nfs3-helpers.c')

diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c
index 04454ee192c..93731ae4d88 100644
--- a/xlators/nfs/server/src/nfs3-helpers.c
+++ b/xlators/nfs/server/src/nfs3-helpers.c
@@ -618,6 +618,37 @@ nfs3_other_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request)
 }
 
 
+uint32_t
+nfs3_superuser_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request)
+{
+        uint32_t accresult = 0;
+
+        if (request & ACCESS3_READ)
+                accresult |= ACCESS3_READ;
+
+        if (request & ACCESS3_LOOKUP)
+                if (IA_ISDIR (type))
+                        accresult |= ACCESS3_LOOKUP;
+
+        if (request & ACCESS3_MODIFY)
+                accresult |= ACCESS3_MODIFY;
+
+        if (request & ACCESS3_EXTEND)
+                accresult |= ACCESS3_EXTEND;
+
+        /* ACCESS3_DELETE is ignored for now since that requires
+         * knowing the permissions on the parent directory.
+         */
+
+        if (request & ACCESS3_EXECUTE)
+                if ((IA_PROT_XOTH (prot) || IA_PROT_XUSR (prot) ||
+                     IA_PROT_XGRP (prot)) && (!IA_ISDIR (type)))
+                        accresult |= ACCESS3_EXECUTE;
+
+        return accresult;
+}
+
+
 uint32_t
 nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid,
                          gid_t gid)
@@ -629,7 +660,9 @@ nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid,
         prot = buf->ia_prot;
         type = buf->ia_type;
 
-        if (buf->ia_uid == uid)
+        if (uid == 0)
+                accresult = nfs3_superuser_accessbits (prot, type, request);
+        else if (buf->ia_uid == uid)
                 accresult = nfs3_owner_accessbits (prot, type, request);
         else if (buf->ia_gid == gid)
                 accresult = nfs3_group_accessbits (prot, type, request);
-- 
cgit