core/setxattr: prevent users from setting glusterfs xattrs

* Each xlator prevents the user from setting glusterfs-internal xattrs like trusted.gfid by handling it in respective setxattr functions. The speacial case of trusted.gfid is handled in fuse (Not in posix because posix_setxattr is used to set gfid). * For xlators which did not define setxattr and/or fsetxattr, the functions have been implemented with appropriate checks. xlator | fops-added _______________|__________________________ | 1. afr | fsetxattr 2. stripe | setxatrr and fsetxattr 3. quota | setxattr and fsetxattr Change-Id: Ib62abb7067415b23a708002f884d30e8866fbf48 BUG: 765487 Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com> Reviewed-on: http://review.gluster.com/685 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amar@gluster.com>
author: Rajesh Amaravathi <rajesh@redhat.com> 2011-12-06 11:35:33 +0530
committer: Anand Avati <avati@gluster.com> 2012-01-14 04:57:59 -0800
commit: 36cedb338ec1d021e189379f30100f0d983e3e01 (patch)
tree: 18f6cf77cb43bccd4f31a683e80341d47c10fa66 /libglusterfs
parent: 4e76cea78b11e9290b16c2faa85cf81b8e32b7ea (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h
index 6045cd3ef..4e7f981b3 100644
--- a/libglusterfs/src/common-utils.h
+++ b/libglusterfs/src/common-utils.h
@@ -176,6 +176,25 @@ extern char *gf_mgmt_list[GF_MGMT_MAXVALUE];
         } while (0);                                                    \
 
 
+#define GF_IF_INTERNAL_XATTR_GOTO(pattern, dict, trav, op_errno, label) \
+        do{                                                             \
+                if (!dict) {                                            \
+                        gf_log (THIS->name, GF_LOG_ERROR,               \
+                                "setxattr dict is null");               \
+                        goto label;                                     \
+                }                                                       \
+                trav = dict->members_list;                              \
+                while (trav) {                                          \
+                        if (!fnmatch (pattern, trav->key, 0)) {         \
+                                gf_log (THIS->name, GF_LOG_ERROR,       \
+                                        "attempt to set internal"       \
+                                        " xattr: %s", trav->key);       \
+                                op_errno = EPERM;                       \
+                                goto label;                             \
+                        }                                               \
+                        trav = trav->next;                              \
+                }                                                       \
+        } while(0);                                                     \
 
 #define GF_FILE_CONTENT_REQUESTED(_xattr_req,_content_limit) \
 	(dict_get_uint64 (_xattr_req, "glusterfs.content", _content_limit) == 0)
author	Rajesh Amaravathi <rajesh@redhat.com>	2011-12-06 11:35:33 +0530
committer	Anand Avati <avati@gluster.com>	2012-01-14 04:57:59 -0800
commit	36cedb338ec1d021e189379f30100f0d983e3e01 (patch)
tree	18f6cf77cb43bccd4f31a683e80341d47c10fa66 /libglusterfs
parent	4e76cea78b11e9290b16c2faa85cf81b8e32b7ea (diff)