summaryrefslogtreecommitdiffstats
path: root/xlators/system
diff options
context:
space:
mode:
authorshishir gowda <shishirng@gluster.com>2011-07-13 03:32:41 +0000
committerAnand Avati <avati@gluster.com>2011-07-13 03:00:29 -0700
commit9388760b9aad1ae2512eb108a4ca6b5c8638ea07 (patch)
tree88ceaa96aa6a91563b0265d2749a8778efcf7277 /xlators/system
parent9f2adc333dad1beb17b81bd55f5e32366320a4dc (diff)
access-control: NFS access control expects a return of valid mode
The permission check is same as that of posix. We break the requests into single checks, aggregate all the valid modes and return in reply. Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Diffstat (limited to 'xlators/system')
-rw-r--r--xlators/system/posix-acl/src/posix-acl.c42
1 files changed, 29 insertions, 13 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 1c7ef5733..96cdf0882 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -229,7 +229,6 @@ mask_check:
if (ace->tag != POSIX_ACL_MASK)
continue;
if ((ace->perm & perm & want) == want) {
- verdict = ace->perm & perm;
goto green;
}
goto red;
@@ -237,17 +236,13 @@ mask_check:
perm_check:
if ((perm & want) == want) {
- verdict = perm & want;
goto green;
} else {
goto red;
}
green:
- if (!want)
- verdict = 1;
- if (!verdict)
- verdict = want;
+ verdict = 1;
goto out;
red:
verdict = 0;
@@ -774,7 +769,10 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
int op_errno = 0;
int perm = 0;
int mode = 0;
+ int is_fuse_call = 0;
+ is_fuse_call = __is_fuse_call (frame);
+
if (mask & R_OK)
perm |= POSIX_ACL_READ;
if (mask & W_OK)
@@ -787,17 +785,35 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
goto unwind;
}
- mode = acl_permits (frame, loc->inode, perm);
- if (mode) {
- op_ret = 0;
- op_errno = 0;
+ if (is_fuse_call) {
+ mode = acl_permits (frame, loc->inode, perm);
+ if (mode) {
+ op_ret = 0;
+ op_errno = 0;
+ } else {
+ op_ret = -1;
+ op_errno = EACCES;
+ }
} else {
- op_ret = -1;
- op_errno = EACCES;
+ if (perm & POSIX_ACL_READ) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_READ))
+ mode |= POSIX_ACL_READ;
+ }
+
+ if (perm & POSIX_ACL_WRITE) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE))
+ mode |= POSIX_ACL_WRITE;
+ }
+
+ if (perm & POSIX_ACL_EXECUTE) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_EXECUTE))
+ mode |= POSIX_ACL_EXECUTE;
+ }
}
+
unwind:
- if (__is_fuse_call (frame))
+ if (is_fuse_call)
STACK_UNWIND_STRICT (access, frame, op_ret, op_errno);
else
STACK_UNWIND_STRICT (access, frame, 0, mode);