summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorShehjar Tikoo <shehjart@gluster.com>2009-12-03 05:15:09 +0000
committerAnand V. Avati <avati@dev.gluster.com>2009-12-03 02:59:28 -0800
commit5821d2cf591789760e790d4af0575d1b9754c08d (patch)
treebc1c51179718031180f3bdacf54fb66176aa42c1
parent930f709881d85774baab1df57c2c03de93110bf7 (diff)
core, client, server: Support auxiliary group ids
Support for auxiliary group ids is needed for transmission of more than one group id right through the xlator tree so that posix can use these group ids to perform in-house permission tests. The in-house permission checks are needed so that we do not have to depend on non-POSIX calls like setfs[ug]id for changing the user for each fop. The setfs[ug]id are also limited since they do not allow setting multiple group id as required for operation with NFS, which sends us all the group ids for a process issuing file system requests. Signed-off-by: Shehjar Tikoo <shehjart@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 400 (Support auxiliary gids in GlusterFS) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=400
-rw-r--r--libglusterfs/src/protocol.h14
-rw-r--r--libglusterfs/src/stack.h6
-rw-r--r--xlators/protocol/client/src/client-protocol.c19
-rw-r--r--xlators/protocol/server/src/server-protocol.c21
4 files changed, 60 insertions, 0 deletions
diff --git a/libglusterfs/src/protocol.h b/libglusterfs/src/protocol.h
index ede5adae4..450e38731 100644
--- a/libglusterfs/src/protocol.h
+++ b/libglusterfs/src/protocol.h
@@ -959,10 +959,24 @@ typedef struct {
typedef struct { } __attribute__((packed)) gf_cbk_forget_rsp_t;
+/* This corresponds to the max 16 number of group IDs that are sent through an
+ * RPC request. Since NFS is the only one going to set this, we can be safe
+ * in keeping this size hardcoded.
+ */
+#define GF_REQUEST_MAXGROUPS 16
+
typedef struct {
uint32_t pid;
uint32_t uid;
uint32_t gid;
+
+ /* Number of groups being sent through the array above. */
+ uint32_t ngrps;
+
+ /* Array of groups to which the uid belongs apart from the primary group
+ * in gid.
+ */
+ uint32_t groups[GF_REQUEST_MAXGROUPS];
} __attribute__ ((packed)) gf_hdr_req_t;
diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h
index d4941a39f..0af9ed359 100644
--- a/libglusterfs/src/stack.h
+++ b/libglusterfs/src/stack.h
@@ -42,6 +42,7 @@ typedef struct _call_pool_t call_pool_t;
#include "list.h"
#include "common-utils.h"
#include "globals.h"
+#include "protocol.h"
typedef int32_t (*ret_fn_t) (call_frame_t *frame,
@@ -92,6 +93,8 @@ struct _call_stack_t {
uid_t uid;
gid_t gid;
pid_t pid;
+ uint32_t ngrps;
+ uint32_t groups[GF_REQUEST_MAXGROUPS];
call_frame_t frames;
int32_t op;
@@ -253,6 +256,9 @@ copy_frame (call_frame_t *frame)
newstack->uid = oldstack->uid;
newstack->gid = oldstack->gid;
newstack->pid = oldstack->pid;
+ newstack->ngrps = oldstack->ngrps;
+ memcpy (newstack->groups, oldstack->groups,
+ sizeof (uint32_t) * GF_REQUEST_MAXGROUPS);
newstack->unique = oldstack->unique;
newstack->frames.this = frame->this;
diff --git a/xlators/protocol/client/src/client-protocol.c b/xlators/protocol/client/src/client-protocol.c
index d0f33e730..3ad41009c 100644
--- a/xlators/protocol/client/src/client-protocol.c
+++ b/xlators/protocol/client/src/client-protocol.c
@@ -539,6 +539,24 @@ out:
}
int
+client_encode_groups (call_frame_t *frame, gf_hdr_common_t *hdr)
+{
+ int i = 0;
+ if ((!frame) || (!hdr))
+ return -1;
+
+ hdr->req.ngrps = hton32 (frame->root->ngrps);
+ if (frame->root->ngrps == 0)
+ return 0;
+
+ for (; i < frame->root->ngrps; ++i)
+ hdr->req.groups[i] = hton32 (frame->root->groups[i]);
+
+ return 0;
+}
+
+
+int
protocol_client_xfer (call_frame_t *frame, xlator_t *this, transport_t *trans,
int type, int op,
gf_hdr_common_t *hdr, size_t hdrlen,
@@ -572,6 +590,7 @@ protocol_client_xfer (call_frame_t *frame, xlator_t *this, transport_t *trans,
hdr->req.uid = hton32 (frame->root->uid);
hdr->req.gid = hton32 (frame->root->gid);
hdr->req.pid = hton32 (frame->root->pid);
+ client_encode_groups (frame, hdr);
}
if (conn->connected == 0)
diff --git a/xlators/protocol/server/src/server-protocol.c b/xlators/protocol/server/src/server-protocol.c
index b7b644765..94a1ded32 100644
--- a/xlators/protocol/server/src/server-protocol.c
+++ b/xlators/protocol/server/src/server-protocol.c
@@ -6108,6 +6108,26 @@ out:
return frame;
}
+
+int
+server_decode_groups (call_frame_t *frame, gf_hdr_common_t *hdr)
+{
+ int i = 0;
+
+ if ((!frame) || (!hdr))
+ return 0;
+
+ frame->root->ngrps = ntoh32 (hdr->req.ngrps);
+ if (frame->root->ngrps == 0)
+ return 0;
+
+ for (; i < frame->root->ngrps; ++i)
+ frame->root->groups[i] = ntoh32 (hdr->req.groups[i]);
+
+ return 0;
+}
+
+
/*
* get_frame_for_call - create a frame into the capable of
* generating and replying the reply packet by itself.
@@ -6134,6 +6154,7 @@ get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)
frame->root->unique = ntoh64 (hdr->callid); /* which call */
frame->root->gid = ntoh32 (hdr->req.gid);
frame->root->pid = ntoh32 (hdr->req.pid);
+ server_decode_groups (frame, hdr);
return frame;
}