authorCsaba Henk <csaba@gluster.com>2011-07-30 16:45:50 +0300
committerVijay Bellur <vijay@gluster.com>2011-09-12 06:22:51 -0700
commit78170472e6c7f0bce95ab035cc4ed86ec662e80d (patch)
tree336328e8359b21bb41bf2f293100745410e87e5f
parent32b96d66890a16fd23c8ae065297c7a98097d340 (diff)
add --user-map-root option
This makes the client treat the given user as a superuser: FUSE requests arriving with that user's uid are changed so that the uid is set to 0. The user can be given in numeric form, in which case it is treated as a uid directly; otherwise it is resolved to a uid with getpwnam(3). Implies --acl. Change-Id: I2d5a3d3e178be7ffdf22b46a56f33a7eeaaa7fe1 BUG: 3242 Reviewed-on: http://review.gluster.com/127 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com>
-rw-r--r--glusterfsd/src/glusterfsd.c24
-rw-r--r--glusterfsd/src/glusterfsd.h1
-rw-r--r--libglusterfs/src/glusterfs.h2
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c14
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h1
5 files changed, 42 insertions, 0 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index b79753519..42d3916d9 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -39,6 +39,7 @@
#include <time.h>
#include <semaphore.h>
#include <errno.h>
+#include <pwd.h>
#ifndef _CONFIG_H
#define _CONFIG_H
@@ -176,6 +177,8 @@ static struct argp_option gf_options[] = {
"[default: 1]"},
{"client-pid", ARGP_CLIENT_PID_KEY, "PID", OPTION_HIDDEN,
"client will authenticate itself with process id PID to server"},
+ {"user-map-root", ARGP_USER_MAP_ROOT_KEY, "USER", OPTION_HIDDEN,
+ "replace USER with root in messages"},
{"dump-fuse", ARGP_DUMP_FUSE_KEY, "PATH", 0,
"Dump fuse traffic to PATH"},
{"volfile-check", ARGP_VOLFILE_CHECK_KEY, 0, 0,
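Review bot: The help string for `user-map-root`, `"replace USER with root in messages"`, does not say that requests from USER are then sent on with uid 0, which is the privilege-relevant effect an operator needs to understand before enabling it. Because the entry is `OPTION_HIDDEN`, this text is mostly read in the source, so I would spell the effect out, e.g. `"treat USER as root: FUSE requests with USER's uid are sent with uid 0 (implies --acl)"`. The `gf_options` array starts and ends outside the hunk.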
@@ -276,6 +279,17 @@ create_fuse_mount (glusterfs_ctx_t *ctx)
}
}
+ if (cmd_args->uid_map_root) {
+ ret = dict_set_int32 (master->options, "uid-map-root",
+ cmd_args->uid_map_root);
+ if (ret < 0) {
+ gf_log ("glusterfsd", GF_LOG_ERROR,
+ "failed to set dict value for key %s",
+ "uid-map-root");
+ goto err;
+ }
+ }
+
if (cmd_args->volfile_check) {
ret = dict_set_int32 (master->options, ZR_STRICT_VOLFILE_CHECK,
cmd_args->volfile_check);
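Review bot: The uid is stored with `dict_set_int32` in the new block, but fuse-bridge.c `init` reads it back with `dict_get_uint32` and `uid_map_root` is declared `unsigned`, so a uid above INT32_MAX goes through a signed conversion on the way in. Whether such a value round-trips depends on the dict implementation, which is not visible here; the matching setter removes the question: `ret = dict_set_uint32 (master->options, "uid-map-root", cmd_args->uid_map_root);`. The key is also repeated as a string literal in several places in this commit, where a shared macro in the style of `ZR_STRICT_VOLFILE_CHECK` would keep them in sync. `create_fuse_mount` starts and ends outside the hunk.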
@@ -485,6 +499,7 @@ parse_opts (int key, char *arg, struct argp_state *state)
char tmp_buf[2048] = {0,};
char *tmp_str = NULL;
char *port_str = NULL;
+ struct passwd *pw = NULL;
cmd_args = state->input;
@@ -678,6 +693,15 @@ parse_opts (int key, char *arg, struct argp_state *state)
"unknown client pid %s", arg);
break;
+ case ARGP_USER_MAP_ROOT_KEY:
+ pw = getpwnam (arg);
+ if (pw)
+ cmd_args->uid_map_root = pw->pw_uid;
+ else
+ argp_failure (state, -1, 0,
+ "user %s does not exist", arg);
+ break;
+
case ARGP_VOLFILE_CHECK_KEY:
cmd_args->volfile_check = 1;
break;
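Review bot: The new `ARGP_USER_MAP_ROOT_KEY` case only calls `getpwnam (arg)`, so the numeric form promised in the commit message is not taken as a uid directly: a number that is not also an account name ends in "user ... does not exist". Since this value decides which uid is rewritten to 0, the parsing should handle both forms explicitly, trying a strict decimal parse first and falling back to the name lookup. The sketch below reuses `tmp_str` as the end pointer and needs an `unsigned long uid` declared next to `pw`; it keeps 0 meaning "not set", as the rest of the commit does. `parse_opts` starts and ends outside the hunk.

```c
        case ARGP_USER_MAP_ROOT_KEY:
                if (arg[0] >= '0' && arg[0] <= '9') {
                        errno = 0;
                        uid = strtoul (arg, &tmp_str, 10);
                        /* accept only a complete decimal number that fits
                         * the unsigned uid_map_root field */
                        if (errno == 0 && *tmp_str == '\0' &&
                            uid == (unsigned) uid) {
                                cmd_args->uid_map_root = uid;
                                break;
                        }
                }
                /* not a plain decimal uid: look it up as an account name */
                pw = getpwnam (arg);
                /* … unchanged: pw check and "user %s does not exist" failure … */
```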
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 847cfb63f..5106559c1 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
@@ -78,6 +78,7 @@ enum argp_option_keys {
ARGP_CLIENT_PID_KEY = 153,
ARGP_ACL_KEY = 154,
ARGP_WORM_KEY = 155,
+ ARGP_USER_MAP_ROOT_KEY = 156,
};
int glusterfs_mgmt_pmap_signout (glusterfs_ctx_t *ctx);
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index 049bb8fc0..316fc086d 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -291,6 +291,8 @@ struct _cmd_args {
char *dump_fuse;
pid_t client_pid;
int client_pid_set;
+ unsigned uid_map_root;
+
/* key args */
char *mount_point;
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 29e9787ed..174938a68 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3211,6 +3211,10 @@ fuse_thread_proc (void *data)
msg = finh + 1;
}
+ if (priv->uid_map_root &&
+ finh->uid == priv->uid_map_root)
+ finh->uid = 0;
+
#ifdef GF_DARWIN_HOST_OS
if (finh->opcode >= FUSE_OP_HIGH)
/* turn down MacFUSE specific messages */
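Review bot: The uid rewrite added to `fuse_thread_proc` is the line that actually grants superuser identity, and it carries no comment: every request from `priv->uid_map_root` leaves here as uid 0 while `finh->gid` passes through unchanged. Whether keeping the caller's gid is intended cannot be told from the hunk, so I would state it above the `if`, e.g. `/* --user-map-root: requests from the mapped uid are sent on as uid 0; gid is left as received */`. The same comment should say that 0 doubles as "no mapping", which is why the first half of the condition exists. The function starts and ends outside the hunk.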
@@ -3599,6 +3603,11 @@ init (xlator_t *this_xl)
if (ret == 0)
priv->client_pid_set = _gf_true;
+ ret = dict_get_uint32 (options, "uid-map-root",
+ &priv->uid_map_root);
+ if (ret != 0)
+ priv->uid_map_root = 0;
+
priv->direct_io_mode = 2;
ret = dict_get_str (options, ZR_DIRECT_IO_OPT, &value_string);
if (ret == 0) {
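Review bot: Nothing in `init` records that uid mapping is active, so a mount that treats an ordinary account as root leaves no trace in the client log for later audit. After the `dict_get_uint32` block I would add `if (priv->uid_map_root) gf_log (this_xl->name, GF_LOG_INFO, "mapping uid %u to root", priv->uid_map_root);`. The value is read here as uint32 while the option table entry in this file declares `uid-map-root` as `GF_OPTION_TYPE_INT`, so a short comment on the expected range would help. `init` starts and ends outside the hunk.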
@@ -3620,6 +3629,8 @@ init (xlator_t *this_xl)
ret = gf_string2boolean (value_string, &priv->acl);
GF_ASSERT (ret == 0);
}
+ if (priv->uid_map_root)
+ priv->acl = 1;
priv->fuse_dump_fd = -1;
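Review bot: `priv->acl = 1` assigns a bare integer to a `gf_boolean_t`, while the same function writes `priv->client_pid_set = _gf_true`; `priv->acl = _gf_true;` would match the surrounding style. The assignment also runs after the acl option has been parsed with `gf_string2boolean`, so an explicitly disabled acl setting is overridden without any message. A one-line comment such as `/* uid-map-root implies acl and overrides the acl option */` would make that precedence visible. `init` starts and ends outside the hunk.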
@@ -3779,6 +3790,9 @@ struct volume_options options[] = {
{ .key = {"client-pid"},
.type = GF_OPTION_TYPE_INT
},
+ { .key = {"uid-map-root"},
+ .type = GF_OPTION_TYPE_INT
+ },
{ .key = {"sync-mtab"},
.type = GF_OPTION_TYPE_BOOL
},
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index 954db3c27..c729c9468 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -106,6 +106,7 @@ struct fuse_private {
pid_t client_pid;
gf_boolean_t client_pid_set;
+ unsigned uid_map_root;
gf_boolean_t acl;
};
typedef struct fuse_private fuse_private_t;