author | shishir gowda <shishirng@gluster.com> | 2011-07-13 03:32:41 +0000 |
---|---|---|
committer | Anand Avati <avati@gluster.com> | 2011-07-13 03:00:29 -0700 |
commit | 9388760b9aad1ae2512eb108a4ca6b5c8638ea07 (patch) | |
tree | 88ceaa96aa6a91563b0265d2749a8778efcf7277 /xlators/system | |
parent | 9f2adc333dad1beb17b81bd55f5e32366320a4dc (diff) |
access-control: NFS access control expects a return of valid mode
The permission check is the same as that of posix. We break each request
into single-bit checks, aggregate all the valid modes and return them in the reply.
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>
BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Diffstat (limited to 'xlators/system')
-rw-r--r-- | xlators/system/posix-acl/src/posix-acl.c | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 1c7ef5733..96cdf0882 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -229,7 +229,6 @@ mask_check:
 if (ace->tag != POSIX_ACL_MASK)
 continue;
 if ((ace->perm & perm & want) == want) {
- verdict = ace->perm & perm;
 goto green;
 }
 goto red;
@@ -237,17 +236,13 @@ mask_check:
 perm_check:
 if ((perm & want) == want) {
- verdict = perm & want;
 goto green;
 } else {
 goto red;
 }
 green:
- if (!want)
- verdict = 1;
- if (!verdict)
- verdict = want;
+ verdict = 1;
 goto out;
 red:
 verdict = 0;
@@ -774,7 +769,10 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
 int op_errno = 0;
 int perm = 0;
 int mode = 0;
+ int is_fuse_call = 0;
+ is_fuse_call = __is_fuse_call (frame);
+
 if (mask & R_OK)
 perm |= POSIX_ACL_READ;
 if (mask & W_OK)
@@ -787,17 +785,35 @@ posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask)
 goto unwind;
 }
- mode = acl_permits (frame, loc->inode, perm);
- if (mode) {
- op_ret = 0;
- op_errno = 0;
+ if (is_fuse_call) {
+ mode = acl_permits (frame, loc->inode, perm);
+ if (mode) {
+ op_ret = 0;
+ op_errno = 0;
+ } else {
+ op_ret = -1;
+ op_errno = EACCES;
+ }
 } else {
- op_ret = -1;
- op_errno = EACCES;
+ if (perm & POSIX_ACL_READ) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_READ))
+ mode |= POSIX_ACL_READ;
+ }
+
+ if (perm & POSIX_ACL_WRITE) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE))
+ mode |= POSIX_ACL_WRITE;
+ }
+
+ if (perm & POSIX_ACL_EXECUTE) {
+ if (acl_permits (frame, loc->inode, POSIX_ACL_EXECUTE))
+ mode |= POSIX_ACL_EXECUTE;
+ }
 }
+
 unwind:
- if (__is_fuse_call (frame))
+ if (is_fuse_call)
 STACK_UNWIND_STRICT (access, frame, op_ret, op_errno);
 else
 STACK_UNWIND_STRICT (access, frame, 0, mode); |
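Review bot: With the two `verdict = ...` assignments removed at `mask_check:` and `perm_check:` and `verdict = 1;` set unconditionally under `green:` (second hunk), the function now returns a plain boolean where it used to return permission bits, so any caller outside these hunks that still reads the result as a mask would only ever see the value 1. The FUSE branch of posix_acl_access later in this diff only tests the result for truth, but other callers are not visible here and should be checked before merging. A one-line comment at the label, `/* verdict is a boolean: 1 = permitted, 0 = denied; not a permission mask */`, would record the new contract. The enclosing function starts and ends outside both hunks.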
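Review bot: The non-FUSE branch in the last hunk builds `mode` from POSIX_ACL_* bits although the request arrived as R_OK/W_OK/X_OK, and hands it back through the errno argument of `STACK_UNWIND_STRICT (access, frame, 0, mode)`, so the reply is only correct if the two encodings coincide and the caller treats that slot as a mask, neither of which is visible here. A comment above the `else` branch would pin this down, for example `/* non-FUSE (NFS) callers get op_ret 0 and the granted POSIX_ACL_* bits in the errno slot; 0 means nothing granted */`. It also means the early `goto unwind` at the top of the hunk reaches such callers as "nothing granted" with op_ret 0 rather than as an error, which fails closed but hides the cause from the client and from logs. The three per-bit blocks differ only in the constant and call acl_permits separately, so the aggregated mask presumably may not reflect a single ACL state if the ACL changes between calls; a loop over the three bits inside one evaluation would be tidier. posix_acl_access begins and ends outside this hunk.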