diff options
author | Rajesh Amaravathi <rajesh@redhat.com> | 2011-12-06 11:35:33 +0530 |
---|---|---|
committer | Anand Avati <avati@gluster.com> | 2012-01-14 04:57:59 -0800 |
commit | 36cedb338ec1d021e189379f30100f0d983e3e01 (patch) | |
tree | 18f6cf77cb43bccd4f31a683e80341d47c10fa66 /xlators/cluster/stripe/src/stripe.c | |
parent | 4e76cea78b11e9290b16c2faa85cf81b8e32b7ea (diff) |
core/setxattr: prevent users from setting glusterfs xattrs
* Each xlator prevents the user from setting glusterfs-internal
xattrs like trusted.gfid by handling it in respective setxattr
functions. The speacial case of trusted.gfid is handled in
fuse (Not in posix because posix_setxattr is used to set gfid).
* For xlators which did not define setxattr and/or fsetxattr,
the functions have been implemented with appropriate checks.
xlator | fops-added
_______________|__________________________
|
1. afr | fsetxattr
2. stripe | setxatrr and fsetxattr
3. quota | setxattr and fsetxattr
Change-Id: Ib62abb7067415b23a708002f884d30e8866fbf48
BUG: 765487
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/685
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amar@gluster.com>
Diffstat (limited to 'xlators/cluster/stripe/src/stripe.c')
-rw-r--r-- | xlators/cluster/stripe/src/stripe.c | 70 |
1 files changed, 69 insertions, 1 deletions
diff --git a/xlators/cluster/stripe/src/stripe.c b/xlators/cluster/stripe/src/stripe.c index 01064cd51..15cfb8f60 100644 --- a/xlators/cluster/stripe/src/stripe.c +++ b/xlators/cluster/stripe/src/stripe.c @@ -32,6 +32,7 @@ * very much necessary, or else, use it in combination with AFR, to have a * backup copy. */ +#include <fnmatch.h> #include "stripe.h" #include "libxlator.h" @@ -4167,6 +4168,72 @@ out: } +int +stripe_setxattr_cbk (call_frame_t *frame, void *cookie, + xlator_t *this, int op_ret, int op_errno) +{ + STRIPE_STACK_UNWIND (setxattr, frame, op_ret, op_errno); + return 0; +} + +int +stripe_setxattr (call_frame_t *frame, xlator_t *this, + loc_t *loc, dict_t *dict, int flags) +{ + data_pair_t *trav = NULL; + int32_t op_errno = EINVAL; + + VALIDATE_OR_GOTO (frame, err); + VALIDATE_OR_GOTO (this, err); + VALIDATE_OR_GOTO (loc, err); + + GF_IF_INTERNAL_XATTR_GOTO ("trusted.*stripe*", dict, + trav, op_errno, err); + + STACK_WIND (frame, stripe_setxattr_cbk, + FIRST_CHILD(this), + FIRST_CHILD(this)->fops->setxattr, + loc, dict, flags); + return 0; +err: + STRIPE_STACK_UNWIND (setxattr, frame, -1, op_errno); + return 0; +} + + +int +stripe_fsetxattr_cbk (call_frame_t *frame, void *cookie, + xlator_t *this, int op_ret, int op_errno) +{ + STRIPE_STACK_UNWIND (fsetxattr, frame, op_ret, op_errno); + return 0; +} + +int +stripe_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd, + dict_t *dict, int flags) +{ + data_pair_t *trav = NULL; + int32_t op_ret = -1; + int32_t op_errno = EINVAL; + + VALIDATE_OR_GOTO (frame, err); + VALIDATE_OR_GOTO (this, err); + VALIDATE_OR_GOTO (fd, err); + + GF_IF_INTERNAL_XATTR_GOTO ("trusted.*stripe*", dict, + trav, op_errno, err); + + STACK_WIND (frame, stripe_fsetxattr_cbk, + FIRST_CHILD(this), + FIRST_CHILD(this)->fops->fsetxattr, + fd, dict, flags); + return 0; + err: + STRIPE_STACK_UNWIND (fsetxattr, frame, op_ret, op_errno); + return 0; +} + int32_t stripe_readdirp_cbk (call_frame_t *frame, void *cookie, xlator_t *this, int32_t op_ret, int32_t op_errno, gf_dirent_t *orig_entries) @@ -4918,7 +4985,8 @@ struct xlator_fops fops = { .fsetattr = stripe_fsetattr, .lookup = stripe_lookup, .mknod = stripe_mknod, - + .setxattr = stripe_setxattr, + .fsetxattr = stripe_fsetxattr, .getxattr = stripe_getxattr, .readdirp = stripe_readdirp, }; |