diff options
author | Shehjar Tikoo <shehjart@gluster.com> | 2009-12-03 05:15:09 +0000 |
---|---|---|
committer | Anand V. Avati <avati@dev.gluster.com> | 2009-12-03 02:59:28 -0800 |
commit | 5821d2cf591789760e790d4af0575d1b9754c08d (patch) | |
tree | bc1c51179718031180f3bdacf54fb66176aa42c1 | |
parent | 930f709881d85774baab1df57c2c03de93110bf7 (diff) |
core, client, server: Support auxiliary group ids
Support for auxiliary group ids is needed for transmission
of more than one group id right through the xlator tree
so that posix can use these group ids to perform
in-house permission tests. The in-house permission checks are
needed so that we do not have to depend on non-POSIX calls
like setfs[ug]id for changing the user for each fop.
The setfs[ug]id are also limited since they do not allow setting
multiple group id as required for operation with NFS, which sends
us all the group ids for a process issuing file system requests.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 400 (Support auxiliary gids in GlusterFS)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=400
-rw-r--r-- | libglusterfs/src/protocol.h | 14 | ||||
-rw-r--r-- | libglusterfs/src/stack.h | 6 | ||||
-rw-r--r-- | xlators/protocol/client/src/client-protocol.c | 19 | ||||
-rw-r--r-- | xlators/protocol/server/src/server-protocol.c | 21 |
4 files changed, 60 insertions, 0 deletions
diff --git a/libglusterfs/src/protocol.h b/libglusterfs/src/protocol.h index ede5adae4..450e38731 100644 --- a/libglusterfs/src/protocol.h +++ b/libglusterfs/src/protocol.h @@ -959,10 +959,24 @@ typedef struct { typedef struct { } __attribute__((packed)) gf_cbk_forget_rsp_t; +/* This corresponds to the max 16 number of group IDs that are sent through an + * RPC request. Since NFS is the only one going to set this, we can be safe + * in keeping this size hardcoded. + */ +#define GF_REQUEST_MAXGROUPS 16 + typedef struct { uint32_t pid; uint32_t uid; uint32_t gid; + + /* Number of groups being sent through the array above. */ + uint32_t ngrps; + + /* Array of groups to which the uid belongs apart from the primary group + * in gid. + */ + uint32_t groups[GF_REQUEST_MAXGROUPS]; } __attribute__ ((packed)) gf_hdr_req_t; diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h index d4941a39f..0af9ed359 100644 --- a/libglusterfs/src/stack.h +++ b/libglusterfs/src/stack.h @@ -42,6 +42,7 @@ typedef struct _call_pool_t call_pool_t; #include "list.h" #include "common-utils.h" #include "globals.h" +#include "protocol.h" typedef int32_t (*ret_fn_t) (call_frame_t *frame, @@ -92,6 +93,8 @@ struct _call_stack_t { uid_t uid; gid_t gid; pid_t pid; + uint32_t ngrps; + uint32_t groups[GF_REQUEST_MAXGROUPS]; call_frame_t frames; int32_t op; @@ -253,6 +256,9 @@ copy_frame (call_frame_t *frame) newstack->uid = oldstack->uid; newstack->gid = oldstack->gid; newstack->pid = oldstack->pid; + newstack->ngrps = oldstack->ngrps; + memcpy (newstack->groups, oldstack->groups, + sizeof (uint32_t) * GF_REQUEST_MAXGROUPS); newstack->unique = oldstack->unique; newstack->frames.this = frame->this; diff --git a/xlators/protocol/client/src/client-protocol.c b/xlators/protocol/client/src/client-protocol.c index d0f33e730..3ad41009c 100644 --- a/xlators/protocol/client/src/client-protocol.c +++ b/xlators/protocol/client/src/client-protocol.c @@ -539,6 +539,24 @@ out: } int +client_encode_groups (call_frame_t *frame, gf_hdr_common_t *hdr) +{ + int i = 0; + if ((!frame) || (!hdr)) + return -1; + + hdr->req.ngrps = hton32 (frame->root->ngrps); + if (frame->root->ngrps == 0) + return 0; + + for (; i < frame->root->ngrps; ++i) + hdr->req.groups[i] = hton32 (frame->root->groups[i]); + + return 0; +} + + +int protocol_client_xfer (call_frame_t *frame, xlator_t *this, transport_t *trans, int type, int op, gf_hdr_common_t *hdr, size_t hdrlen, @@ -572,6 +590,7 @@ protocol_client_xfer (call_frame_t *frame, xlator_t *this, transport_t *trans, hdr->req.uid = hton32 (frame->root->uid); hdr->req.gid = hton32 (frame->root->gid); hdr->req.pid = hton32 (frame->root->pid); + client_encode_groups (frame, hdr); } if (conn->connected == 0) diff --git a/xlators/protocol/server/src/server-protocol.c b/xlators/protocol/server/src/server-protocol.c index b7b644765..94a1ded32 100644 --- a/xlators/protocol/server/src/server-protocol.c +++ b/xlators/protocol/server/src/server-protocol.c @@ -6108,6 +6108,26 @@ out: return frame; } + +int +server_decode_groups (call_frame_t *frame, gf_hdr_common_t *hdr) +{ + int i = 0; + + if ((!frame) || (!hdr)) + return 0; + + frame->root->ngrps = ntoh32 (hdr->req.ngrps); + if (frame->root->ngrps == 0) + return 0; + + for (; i < frame->root->ngrps; ++i) + frame->root->groups[i] = ntoh32 (hdr->req.groups[i]); + + return 0; +} + + /* * get_frame_for_call - create a frame into the capable of * generating and replying the reply packet by itself. @@ -6134,6 +6154,7 @@ get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr) frame->root->unique = ntoh64 (hdr->callid); /* which call */ frame->root->gid = ntoh32 (hdr->req.gid); frame->root->pid = ntoh32 (hdr->req.pid); + server_decode_groups (frame, hdr); return frame; } |