author | Csaba Henk <csaba@gluster.com> | 2011-07-30 16:45:50 +0300 |
---|---|---|
committer | Vijay Bellur <vijay@gluster.com> | 2011-09-12 06:22:51 -0700 |
commit | 78170472e6c7f0bce95ab035cc4ed86ec662e80d (patch) | |
tree | 336328e8359b21bb41bf2f293100745410e87e5f | |
parent | 32b96d66890a16fd23c8ae065297c7a98097d340 (diff) |
add --user-map-root option
This makes client fake that given user is a superuser,
by changing FUSE requests coming with uid of user so that uid
is set to 0.
User can be given in numeric form, in which case it is treated
as a uid directly; otherwise an attempt is made to resolve it to a
uid with getpwnam(3).
Implies --acl.
Change-Id: I2d5a3d3e178be7ffdf22b46a56f33a7eeaaa7fe1
BUG: 3242
Reviewed-on: http://review.gluster.com/127
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
-rw-r--r-- | glusterfsd/src/glusterfsd.c | 24 | ||||
-rw-r--r-- | glusterfsd/src/glusterfsd.h | 1 | ||||
-rw-r--r-- | libglusterfs/src/glusterfs.h | 2 | ||||
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 14 | ||||
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.h | 1 |
5 files changed, 42 insertions, 0 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index b79753519..42d3916d9 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -39,6 +39,7 @@
 #include <time.h>
 #include <semaphore.h>
 #include <errno.h>
+#include <pwd.h>
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -176,6 +177,8 @@ static struct argp_option gf_options[] = {
 "[default: 1]"},
 {"client-pid", ARGP_CLIENT_PID_KEY, "PID", OPTION_HIDDEN,
 "client will authenticate itself with process id PID to server"},
+ {"user-map-root", ARGP_USER_MAP_ROOT_KEY, "USER", OPTION_HIDDEN,
+ "replace USER with root in messages"},
 {"dump-fuse", ARGP_DUMP_FUSE_KEY, "PATH", 0,
 "Dump fuse traffic to PATH"},
 {"volfile-check", ARGP_VOLFILE_CHECK_KEY, 0, 0,
@@ -276,6 +279,17 @@ create_fuse_mount (glusterfs_ctx_t *ctx)
 }
 }
+ if (cmd_args->uid_map_root) {
+ ret = dict_set_int32 (master->options, "uid-map-root",
+ cmd_args->uid_map_root);
+ if (ret < 0) {
+ gf_log ("glusterfsd", GF_LOG_ERROR,
+ "failed to set dict value for key %s",
+ "uid-map-root");
+ goto err;
+ }
+ }
+
 if (cmd_args->volfile_check) {
 ret = dict_set_int32 (master->options, ZR_STRICT_VOLFILE_CHECK,
 cmd_args->volfile_check);
@@ -485,6 +499,7 @@ parse_opts (int key, char *arg, struct argp_state *state)
 char tmp_buf[2048] = {0,};
 char *tmp_str = NULL;
 char *port_str = NULL;
+ struct passwd *pw = NULL;
 cmd_args = state->input;
@@ -678,6 +693,15 @@ parse_opts (int key, char *arg, struct argp_state *state)
 "unknown client pid %s", arg);
 break;
+ case ARGP_USER_MAP_ROOT_KEY:
+ pw = getpwnam (arg);
+ if (pw)
+ cmd_args->uid_map_root = pw->pw_uid;
+ else
+ argp_failure (state, -1, 0,
+ "user %s does not exist", arg);
+ break;
+
 case ARGP_VOLFILE_CHECK_KEY:
 cmd_args->volfile_check = 1;
 break;
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 847cfb63f..5106559c1 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
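Review bot: The help string added to `gf_options` in glusterfsd.c, `"replace USER with root in messages"`, does not say which messages are meant or that the option gives USER root identity on the volume. Even with `OPTION_HIDDEN`, I would word it as `"treat FUSE requests from USER as if sent by root (implies --acl)"`, which matches the commit description. The array definition starts and ends outside the hunk.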
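Review bot: In `create_fuse_mount` the uid is stored with `dict_set_int32`, while `cmd_args->uid_map_root` is declared `unsigned` and fuse-bridge.c `init` reads the key back with `dict_get_uint32`. A uid above INT32_MAX goes through a signed conversion on the way in; whether it survives the round trip depends on the dict code, which is not visible here. The matching setter avoids the question: `ret = dict_set_uint32 (master->options, "uid-map-root", cmd_args->uid_map_root);`. The function body continues outside the hunk.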
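Review bot: The `ARGP_USER_MAP_ROOT_KEY` case in `parse_opts` only calls `getpwnam (arg)`, so the numeric form promised in the commit description is not implemented; a numeric argument fails with "user ... does not exist" unless an account of that name exists. I would try a strict `strtoul` parse first and fall back to `getpwnam`, which needs two new locals next to `pw`, `unsigned long uid_num` and `char *end`. Separately, a USER that resolves to uid 0 leaves `uid_map_root` at 0, which the rest of the patch treats as "option not given", so `--acl` is not implied in that case; a comment should say whether that is intended. `parse_opts` starts and ends outside the hunk.

```c
        case ARGP_USER_MAP_ROOT_KEY:
                /* a fully numeric USER is taken as a uid directly */
                errno = 0;
                uid_num = strtoul (arg, &end, 10);
                if (*arg >= '0' && *arg <= '9' && *end == '\0' &&
                    errno == 0 && uid_num == (unsigned) uid_num) {
                        cmd_args->uid_map_root = uid_num;
                        break;
                }
                pw = getpwnam (arg);
                /* … unchanged: pw check, argp_failure, break … */
```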
@@ -78,6 +78,7 @@ enum argp_option_keys {
 ARGP_CLIENT_PID_KEY = 153,
 ARGP_ACL_KEY = 154,
 ARGP_WORM_KEY = 155,
+ ARGP_USER_MAP_ROOT_KEY = 156,
 };
 int glusterfs_mgmt_pmap_signout (glusterfs_ctx_t *ctx);
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index 049bb8fc0..316fc086d 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -291,6 +291,8 @@ struct _cmd_args {
 char *dump_fuse;
 pid_t client_pid;
 int client_pid_set;
+ unsigned uid_map_root;
+
 /* key args */
 char *mount_point;
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 29e9787ed..174938a68 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3211,6 +3211,10 @@ fuse_thread_proc (void *data)
 msg = finh + 1;
 }
+ if (priv->uid_map_root &&
+ finh->uid == priv->uid_map_root)
+ finh->uid = 0;
+
 #ifdef GF_DARWIN_HOST_OS
 if (finh->opcode >= FUSE_OP_HIGH)
 /* turn down MacFUSE specific messages */
@@ -3599,6 +3603,11 @@ init (xlator_t *this_xl)
 if (ret == 0)
 priv->client_pid_set = _gf_true;
+ ret = dict_get_uint32 (options, "uid-map-root",
+ &priv->uid_map_root);
+ if (ret != 0)
+ priv->uid_map_root = 0;
+
 priv->direct_io_mode = 2;
 ret = dict_get_str (options, ZR_DIRECT_IO_OPT, &value_string);
 if (ret == 0) {
@@ -3620,6 +3629,8 @@ init (xlator_t *this_xl)
 ret = gf_string2boolean (value_string, &priv->acl);
 GF_ASSERT (ret == 0);
 }
+ if (priv->uid_map_root)
+ priv->acl = 1;
 priv->fuse_dump_fd = -1;
@@ -3779,6 +3790,9 @@ struct volume_options options[] = {
 { .key = {"client-pid"},
 .type = GF_OPTION_TYPE_INT
 },
+ { .key = {"uid-map-root"},
+ .type = GF_OPTION_TYPE_INT
+ },
 { .key = {"sync-mtab"},
 .type = GF_OPTION_TYPE_BOOL
 },
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index 954db3c27..c729c9468 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
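Review bot: The uid rewrite added to `fuse_thread_proc` in fuse-bridge.c carries no comment, although it is the one place where a non-root caller is given root identity on the volume. I would put `/* --user-map-root: requests from the mapped uid are forwarded as uid 0 */` above the `if`, and state there whether leaving `finh->gid` untouched is intended, since only the uid is changed in this hunk. The function body starts and ends outside the hunk.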
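Review bot: In fuse-bridge.c `init`, nothing records that the mapping is active, so someone reading the client log cannot tell that a mount runs with a uid mapped to root. One line after the lookup would cover it: `if (priv->uid_map_root) gf_log (this_xl->name, GF_LOG_INFO, "requests from uid %u are mapped to root", priv->uid_map_root);`. In the second `init` hunk, `priv->acl = 1;` should read `priv->acl = _gf_true;` to match `priv->client_pid_set = _gf_true;` in the first hunk, and a short comment should note that it overrides the acl value parsed just above because the option implies --acl. `init` starts and ends outside both hunks.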
@@ -106,6 +106,7 @@ struct fuse_private {
 pid_t client_pid;
 gf_boolean_t client_pid_set;
+ unsigned uid_map_root;
 gf_boolean_t acl;
 };
 typedef struct fuse_private fuse_private_t; |